[debian-mysql] Bug#842895: mariadb-10.0: CVE-2016-6664 CVE-2016-5617

Salvatore Bonaccorso carnil at debian.org
Tue Dec 27 06:22:35 UTC 2016


Control: retitle 842895 mariadb-10.0: CVE-2016-6664
Control: clone 842895 -1
Control: reassign -1 src:mariadb-10.1
Control: retitle -1 mariadb-10.1: CVE-2016-6664

Hi Otto,

On Wed, Nov 02, 2016 at 07:27:40AM +0100, Salvatore Bonaccorso wrote:
> Source: mariadb-10.0
> Version: 10.0.16-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerabilities were published for mariadb-10.0.
> 
> CVE-2016-6664[0], which is a duplicate of CVE-2016-5617.
> 
> CVE-2016-5617[1]:
> | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32
> | and earlier, and 5.7.14 and earlier allows local users to affect
> | confidentiality, integrity, and availability via vectors related to
> | Server: Error Handling.

FTR: The second CVE has been rejected in favour of CVE-2016-6664, so
retitling this bug accordingly to avoid confusion.

Since mariadb-10.1 has now entered unstable as well, cloning this bug
for reference. I have not (yet) checked, though, whether any of the
other CVEs are open as well with the 10.1.20 upstream release.

Regards,
Salvatore


