[debian-mysql] Bug#842895: mariadb-10.0: CVE-2016-6664 CVE-2016-5617

Otto Kekäläinen otto at debian.org
Sun Dec 18 21:11:00 UTC 2016


Hello!

CVE-2016-6664 (and duplicate CVE-2016-5617) do not gravely affect
MariaDB because:

"CVE-2016-6664 is NOT exploitable by itself. Shell access must first
be obtained through a vulnerability like CVE-2016-6663. Because
CVE-2016-6663 has been fixed and is no longer exploitable, we’ve
determined that CVE-2016-6664 is not critical on its own and doesn’t
warrant an immediate fix to be released. A fix will be included in the
next upcoming maintenance releases of MariaDB Server 5.5, 10.0 and
10.1."
(from https://mariadb.com/kb/en/mariadb/security/)


