[Secure-testing-commits] r49743 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Mar 17 16:08:58 UTC 2017


Author: carnil
Date: 2017-03-17 16:08:58 +0000 (Fri, 17 Mar 2017)
New Revision: 49743

Modified:
   data/CVE/list
Log:
Add explanation for CVE-2017-3305 why not to track MariaDB as well here

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-17 15:58:07 UTC (rev 49742)
+++ data/CVE/list	2017-03-17 16:08:58 UTC (rev 49743)
@@ -10051,10 +10051,15 @@
 	RESERVED
 CVE-2017-3306
 	RESERVED
-CVE-2017-3305
+CVE-2017-3305 [Incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6]
 	RESERVED
 	- mysql-5.7 <not-affected> (Fixed before the initial release to Debian)
 	- mysql-5.5 <removed>
+	NOTE: The issue arises because of an improper fix for the issue known under
+	NOTE: the name BACKRONYM. The CVE CVE-2015-3152 though is explicitly only
+	NOTE: assigned for MariaDB and Percona, thus Oracle MySQL products are not
+	NOTE: tracked below that CVE. Later, Oracle tried to address the corresonding
+	NOTE: issue as well in 5.5 and 5.6 series resulting in opening CVE-2017-3305. 
 	NOTE: http://riddle.link/
 CVE-2017-3304
 	RESERVED
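Review bot: the added NOTE block explains why Oracle MySQL is not tracked under CVE-2015-3152, but it never states the converse that the commit log promises, namely that MariaDB is deliberately not tracked under CVE-2017-3305. A closing NOTE saying so explicitly would stop a later triager from re-adding MariaDB here. Also in the added lines: "corresonding" should be "corresponding", "The CVE CVE-2015-3152" repeats "CVE", "tracked below that CVE" reads better as "tracked under that CVE", and the line ending "opening CVE-2017-3305." carries trailing whitespace. Separately, the new bracketed description names MySQL 5.5 and 5.6, while the visible entry lists only mysql-5.7 and mysql-5.5; if a mysql-5.6 source package needs a status line, this is the place to add it.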



