[debian-mysql] Bug#695001: mysql-5.5: New MySQL issues

Moritz Muehlenhoff jmm at inutil.org
Mon Dec 3 07:49:20 UTC 2012


Package: mysql-5.5
Severity: grave
Tags: security
Justification: user security hole

Exploits for new MySQL issues have been posted to the full-disclosure mailing list.
This mail summarises the current state of affairs:

CVE-2012-5611 (formerly tracked as CVE-2012-5579)

  Exploit: http://seclists.org/fulldisclosure/2012/Dec/4

  Patch already available through mariadb.

CVE-2012-5612

  Exploit: http://seclists.org/fulldisclosure/2012/Dec/5

  mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3908

CVE-2012-5613

  Exploit: http://seclists.org/fulldisclosure/2012/Dec/6

  This was discussed to be intended behaviour:
  http://seclists.org/oss-sec/2012/q4/388

CVE-2012-5614

  Exploit: http://seclists.org/fulldisclosure/2012/De

  mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3910

CVE-2012-5615

  Exploit: http://seclists.org/fulldisclosure/2012/Dec/9

  mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3909

Cheers,
        Moritz



More information about the pkg-mysql-maint mailing list