[Secure-testing-commits] r33945 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-04-29 14:16:11 +0000 (Wed, 29 Apr 2015)
New Revision: 33945

Modified:
   data/CVE/list
Log:
Add CVE-2015-3152

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-29 13:42:16 UTC (rev 33944)
+++ data/CVE/list	2015-04-29 14:16:11 UTC (rev 33945)
@@ -625,8 +625,13 @@
 	RESERVED
 	- curl 7.42.1-1
 	NOTE: http://curl.haxx.se/docs/adv_20150429.html
-CVE-2015-3152
+CVE-2015-3152 [MySQL SSL/TLS downgrade]
 	RESERVED
+	- mariadb-10.0 <unfixed>
+	- percona-xtradb-cluster-5.5 <unfixed>
+	NOTE: CVE was assigned explicitly only for MariaDB and Percona, but not Oracle MySQL
+	NOTE: since Oracle is a CNA itself.
+	NOTE: http://www.ocert.org/advisories/ocert-2015-003.html
 CVE-2015-3151 [abrt: directory traversals in several D-Bus methods implemented by abrt-dbus]
 	RESERVED
 	NOT-FOR-US: abrt is Red Hat / Fedora specific