[debian-mysql] Bug#775882: Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?

Salvatore Bonaccorso carnil at debian.org
Tue Jan 27 08:21:10 UTC 2015


Hi Otto,

On Tue, Jan 27, 2015 at 10:01:09AM +0200, Otto Kekäläinen wrote:
> Here is the reply from a MariaDB core developer:
> 
> 2015-01-26 21:39 GMT+02:00 Sergei Golubchik <serg at mariadb.org>:
> > Hi, Otto!
> >
> > On Jan 26, Otto Kekäläinen wrote:
> >> Hello Sergei!
> >>
> >> The page https://mariadb.com/kb/en/mariadb/security/ does not mention
> >> the ones Salvatore asks about below: 0385 and 0409. Any info on them?
> >
> > Salvatore is right - these bugs are 5.6 only and we don't have "Server :
> > Optimizer" and "Server : Pluggable Auth" 5.6 code in MariaDB-10.x
> >
> > Generally from all 5.6-only MySQL bugs only InnoDB issues apply to
> > MariaDB-10.x.
> >
> > Hmm, I've just checked the source code patch between 5.6.21 and 5.6.22 -
> > there were *no* changes to the pluggable authentication code. None
> > whatsoever. I don't know what Oracle means by
> >
> > CVE-2015-0385 "Server: Pluggable Auth" "5.6.21 and earlier"

Thanks, have updated the security-tracker information about these.

Regards,
Salvatore


