[debian-mysql] Bug#737596: mysql-5.5: CVE-2014-0001: command-line tool buffer overflow via long server version string

Salvatore Bonaccorso carnil at debian.org
Fri Mar 14 07:45:32 UTC 2014


Control: clone 737596 -1
Control: reassign -1 src:mysql-5.6
Control: retitle -1 mysql-5.6: CVE-2014-0001: command-line tool buffer overflow via long server version string

Hi,

On Tue, Feb 04, 2014 at 06:51:50AM +0100, Salvatore Bonaccorso wrote:
> Source: mysql-5.5
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for mysql-5.5.
> 
> CVE-2014-0001[0]:
> command-line tool buffer overflow via long server version string
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
>     http://security-tracker.debian.org/tracker/CVE-2014-0001
> [1] http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1054592
> 
> Please adjust the affected versions in the BTS as needed.

The same seems to apply to mysql-5.6 at first glance. Cloning the
original bug report to make a copy for the mysql-5.6 source package.

Regards,
Salvatore