[Secure-testing-commits] r49743 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Mar 17 16:08:58 UTC 2017
Author: carnil
Date: 2017-03-17 16:08:58 +0000 (Fri, 17 Mar 2017)
New Revision: 49743
Modified:
data/CVE/list
Log:
Add explanation for CVE-2017-3305 why not to track MariaDB as well here
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-17 15:58:07 UTC (rev 49742)
+++ data/CVE/list 2017-03-17 16:08:58 UTC (rev 49743)
@@ -10051,10 +10051,15 @@
RESERVED
CVE-2017-3306
RESERVED
-CVE-2017-3305
+CVE-2017-3305 [Incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6]
RESERVED
- mysql-5.7 <not-affected> (Fixed before the initial release to Debian)
- mysql-5.5 <removed>
+ NOTE: The issue arises because of an improper fix for the issue known under
+ NOTE: the name BACKRONYM. The CVE CVE-2015-3152 though is explicitly only
+ NOTE: assigned for MariaDB and Percona, thus Oracle MySQL products are not
+ NOTE: tracked below that CVE. Later, Oracle tried to address the corresonding
+ NOTE: issue as well in 5.5 and 5.6 series resulting in opening CVE-2017-3305.
NOTE: http://riddle.link/
CVE-2017-3304
RESERVED
More information about the Secure-testing-commits
mailing list