[Secure-testing-commits] r48466 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 28 09:11:38 UTC 2017
Author: carnil
Date: 2017-01-28 09:11:38 +0000 (Sat, 28 Jan 2017)
New Revision: 48466
Modified:
data/CVE/list
Log:
libmysqlclient.so issue: associate source packages
Keep mariadb packages for now as undetermined. Whole entry needs still
more investigation.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-01-28 07:34:30 UTC (rev 48465)
+++ data/CVE/list 2017-01-28 09:11:38 UTC (rev 48466)
@@ -1,6 +1,15 @@
CVE-2017-XXXX [use after free in libmysqlclient.so]
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/28/1
- TODO: check
+ - mariadb-10.1 <undetermined>
+ - mariadb-10.0 <undetermined>
+ - mysql-5.7 <not-affected> (Fixed before initial release in Debian)
+ - mysql-5.6 <not-affected> (Fixed before initial release in Debian)
+ - mysql-5.5 <removed>
+ NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93
+ NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
+ NOTE: https://bugs.mysql.com/bug.php?id=70429
+ NOTE: https://bugs.mysql.com/bug.php?id=63363
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/28/1
+ TODO: check, claimed to affect all MySQL 5.5, MariaDB 10.0.29 and 10.1.21
CVE-2017-XXXX [s-nail local root privilege escalation]
- s-nail <unfixed>
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/01/27/7
More information about the Secure-testing-commits
mailing list