Re: CVE Request: MySQL: MyISAM temporary file issue

[Kurt Seifried <kseifried () redhat com>]

On 11/09/14 01:36 PM, Ritwik Ghoshal wrote:
> On 9/11/2014 1:28 AM, Sven Kieske wrote:
> > On 10/09/14 18:00, Salvatore Bonaccorso wrote:
> > > Hi
> > >
> > > The changes for MySQL 5.5.39[1] and 5.6.20[2] contain a reference to
> > > the following issue, which could be exploited by a local user to run
> > > arbitrary code in context of the mysqld server.
> >
> > While I'm investigating this:
> > Does someone happen to know in which version this vuln got introduced?
>
> A complete list of all affected-supported MySQL releases will be
> published via Oracle's quarterly Critical Patch Update(CPU) advisory.
> More information about our CPU program is available at -
> http://www.oracle.com/technetwork/topics/security/alerts-086861.html
>
>
> Thanks,
> -Ritwik

So you're saying you won't tell anyone until the middle of October? So
we have to wait just under 3 months from the release of MySQL 5.5.39 to
find out exactly what versions are affected by security flaws fixed in it?

Are you serious?

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature