[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note for CVE-2017-15365 and older mariadb versions
Salvatore Bonaccorso
carnil at debian.org
Sun Jan 28 22:18:16 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d271f45d by Salvatore Bonaccorso at 2018-01-28T23:15:32+01:00
Add note for CVE-2017-15365 and older mariadb versions
The issue is possibly only introduced in the MariaDB 10.1 series when
merging Galera changes back. If this is true, then mariadb-10.0 will
not-affected, and so as well the Oracle MySQL products.
State: Unconfirmed.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21549,6 +21549,8 @@ CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x b
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234
NOTE: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
NOTE: Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
+ NOTE: Possibly only introduced with https://github.com/MariaDB/server/commit/df4dd593f29aec8e2116aec1775ad4b8833d8c93 (mariadb-10.1.1)
+ NOTE: starting to be present in mariadb-10.1.1.
CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote ...)
NOT-FOR-US: ccsv
CVE-2017-15363 (Directory traversal vulnerability in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d271f45d1894acad7d1429f2f031dc5f4d9ac059
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d271f45d1894acad7d1429f2f031dc5f4d9ac059
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180128/d9e6d180/attachment-0001.html>
More information about the Secure-testing-commits
mailing list