oss-sec mailing list archives
Re: Re: MySQL - use-after-free after mysql_stmt_close()
From: Brian May <brian () linuxpenguins xyz>
Date: Fri, 16 Jun 2017 08:20:40 +1000
Kurt Seifried <kseifried () redhat com> writes:
Should we assign CVEs for code examples/documentation? E.g. We assign CVEs for code shipped to people in digital form. Why not assign CVEs for code in documentation or commonly used examples? We can go with the rational that CVEs get assigned to the affected code bases (e.g. when someone implements that documentation/code), but it might also be good to educate the community about bad examples/documentation/etc.
For a prior example, in this case of documentation suggesting insecure configuration, see: http://www.openwall.com/lists/oss-security/2015/03/28/7 I note that the documentation still has the bad example listed, with no indication that this is bad. http://www.openldap.org/doc/admin24/guide.html#Access Control Examples -- Brian May <brian () linuxpenguins xyz> https://linuxpenguins.xyz/brian/
Current thread:
- MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Jun 08)
- Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Jun 12)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Adam Maris (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt Seifried (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt H Maier (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() kseifried () redhat com (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Seth Arnold (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Adam Maris (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Feng Cao (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Brian May (Jun 15)
- Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Jun 12)