Home page logo

oss-sec logo oss-sec mailing list archives

Re: MySQL 0-day - does it need a CVE?
From: Solar Designer <solar () openwall com>
Date: Sat, 11 Feb 2012 12:50:47 +0400

On Fri, Feb 10, 2012 at 12:36:46AM +0400, Solar Designer wrote:
The table at the bottom of:


lists 27 MySQL vulnerabilities, all with CVE IDs and CVSS scoring - but
little other info.

Here's a more direct link:


(e.g. for referring to in distro advisories).

News story summarizing the problem (in Russian, sorry):


It also mentions that Oracle Linux merely reuses RHEL's updates to
MySQL without any reference to Oracle's own MySQL vulnerability/fix
info.  So it is not even clear whether Oracle Linux has these 27 bugs in
MySQL fixed or not, despite of MySQL being an Oracle product.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]