mailing list archives
Re: MySQL 0-day - does it need a CVE?
From: Henri Salo <henri () nerv fi>
Date: Thu, 9 Feb 2012 21:01:31 +0200
On Thu, Feb 09, 2012 at 10:20:14AM -0700, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE-----
We are releasing a working MySQL 5.5.20 remote 0day exploit with this
update.The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb
on Debian 6.0.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Does this need a CVE # or have you already gotten one from Mitre?
Kurt Seifried Red Hat Security Response Team (SRT)
No idea. I don't see this in MITRE's CVE-list yet and it seems that some information is going around Internet, but
nobody is telling exact facts.
- Henri Salo
Re: MySQL 0-day - does it need a CVE? Tomas Hoger (Feb 24)