[Git][security-tracker-team/security-tracker][master] Expand note for CVE-2018-2767
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 8 19:48:25 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d84b169f by Salvatore Bonaccorso at 2018-08-08T18:47:08Z
Expand note for CVE-2018-2767
The tracking of MariaDB is not fully correct here, since the CVE was
specifically only assigned for Oracle MySQL products by its CNA
(oracle), but the context of the oss-security post facilitates the
tracking for the MariaDB products as well. Still should remain an
exception.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -33855,6 +33855,14 @@ CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/2
NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
NOTE: Oracle products.
+ NOTE: For MariaDB: if one connects to the remote server using the embedded library
+ NOTE: (libmysqld), then SSL is not enforced.
+ NOTE: Fixed in MariaDB: 5.5.60, 10.0.35, 10.1.33, 10.2.15, and 10.3.7
+ NOTE: https://github.com/MariaDB/server/commit/f5369faf5bbf
+ NOTE: For Oracle: https://github.com/mysql/mysql-server/commit/bbc2e37fe4e
+ NOTE: fixed in 5.5.61, 5.6.41, 5.7.23
+ NOTE: Strictly speaking though the CVE would be only for Oracle MySQL, for practical
+ NOTE: reasons still tracking as well MariaDB here.
CVE-2018-2766 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
{DLA-1407-1}
- mariadb-10.1 1:10.1.34-1 (bug #898445)
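Review bot: The Oracle version line ("NOTE: fixed in 5.5.61, 5.6.41, 5.7.23") does not name the product and is lower-cased, unlike the MariaDB line above it ("NOTE: Fixed in MariaDB: 5.5.60, 10.0.35, ..."). Since this entry now mixes two vendors' version numbers, writing it as "NOTE: Fixed in Oracle MySQL: 5.5.61, 5.6.41, 5.7.23" would keep the 5.5.x values from being read as MariaDB releases. The two GitHub commit URLs use abbreviated ids of different lengths (12 and 11 characters). Full 40-character ids would keep both references unambiguous as the upstream repositories grow. The caveat in the last two added lines, that the CVE strictly covers only Oracle MySQL, would also read better ahead of the MariaDB notes, so the exception is stated before the MariaDB details it qualifies.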
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d84b169f89f3f33487fdf633a8f3014a046347f2