[Secure-testing-commits] r58444 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Dec 11 06:14:45 UTC 2017
Author: carnil
Date: 2017-12-11 06:14:45 +0000 (Mon, 11 Dec 2017)
New Revision: 58444
Modified:
data/CVE/list
Log:
Add CVE-2017-15365/mariadb
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-10 21:38:33 UTC (rev 58443)
+++ data/CVE/list 2017-12-11 06:14:45 UTC (rev 58444)
@@ -8660,8 +8660,18 @@
RESERVED
CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
NOT-FOR-US: Thornberry NDoc
-CVE-2017-15365
+CVE-2017-15365 [Replication in sql/event_data_objects.cc occurs before ACL checks]
RESERVED
+ - mariadb-10.2 <unfixed>
+ - mariadb-10.1 <undetermined>
+ - mariadb-10.0 <undetermined>
+ - percona-xtrabackup <unfixed>
+ - mysql-5.7 <undetermined>
+ - mysql-5.5 <undetermined>
+ NOTE: MariaDB: Fixed in 10.2.10
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234
+ NOTE: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
+ NOTE: Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote ...)
NOT-FOR-US: ccsv
CVE-2017-15363 (Directory traversal vulnerability in ...)
More information about the Secure-testing-commits
mailing list