[Secure-testing-commits] r49548 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-03-10 05:58:40 +0000 (Fri, 10 Mar 2017)
New Revision: 49548

Modified:
   data/CVE/list
Log:
Add CVE-2016-5483

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-10 04:33:09 UTC (rev 49547)
+++ data/CVE/list	2017-03-10 05:58:40 UTC (rev 49548)
@@ -29936,6 +29936,15 @@
 	RESERVED
 CVE-2016-5483
 	RESERVED
+	- mariadb-10.1 <undetermined>
+	- mariadb-10.0 <unfixed>
+	[jessie] - mariadb-10.0 <no-dsa> (Minor issue)
+	- mysql-5.7 <unfixed>
+	- mysql-5.5 <removed>
+	[jessie] - mysql-5.5 <no-dsa> (Minor issue)
+	NOTE: https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/
+	NOTE: Affected according to blogpost: MySQL all versions, MariaDB <= 5.5.52 and < 10.1
+	TODO: check fixing commit for MariaDB
 CVE-2016-5482 (Unspecified vulnerability in the Oracle Commerce Guided Search ...)
 	NOT-FOR-US: Oracle
 CVE-2016-5481 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...)