[debian-mysql] Bug#775882: Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

Otto Kekäläinen otto at seravo.fi
Tue Jan 27 08:01:09 UTC 2015


Here is the reply from a MariaDB core developer:

2015-01-26 21:39 GMT+02:00 Sergei Golubchik <serg at mariadb.org>:
> Hi, Otto!
>
> On Jan 26, Otto Kekäläinen wrote:
>> Hello Sergei!
>>
>> The page https://mariadb.com/kb/en/mariadb/security/ does not mention
>> the ones Salvatore asks about below: 0385 and 0409. Any info on them?
>
> Salvatore is right - these bugs are 5.6 only and we don't have "Server :
> Optimizer" and "Server : Pluggable Auth" 5.6 code in MariaDB-10.x
>
> Generally from all 5.6-only MySQL bugs only InnoDB issues apply to
> MariaDB-10.x.
>
> Hmm, I've just checked the source code patch between 5.6.21 and 5.6.22 -
> there were *no* changes to the pluggable authentication code. None
> whatsoever. I don't know what Oracle means by
>
> CVE-2015-0385 "Server: Pluggable Auth" "5.6.21 and earlier"


