mailing list archives
Re: MySQL 0-day - does it need a CVE?
From: Solar Designer <solar () openwall com>
Date: Sat, 11 Feb 2012 12:50:47 +0400
On Fri, Feb 10, 2012 at 12:36:46AM +0400, Solar Designer wrote:
The table at the bottom of:
lists 27 MySQL vulnerabilities, all with CVE IDs and CVSS scoring - but
little other info.
Here's a more direct link:
(e.g. for referring to in distro advisories).
News story summarizing the problem (in Russian, sorry):
It also mentions that Oracle Linux merely reuses RHEL's updates to
MySQL without any reference to Oracle's own MySQL vulnerability/fix
info. So it is not even clear whether Oracle Linux has these 27 bugs in
MySQL fixed or not, despite of MySQL being an Oracle product.
Re: MySQL 0-day - does it need a CVE? Tomas Hoger (Feb 24)