Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 02 Dec 2012 21:14:43 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/02/2012 07:46 PM, Steven M. Christey wrote:

(removed the full-disclosure/bugtraq mailing lists, they don't need
to be further spammed with minor CVE assignment details.)


On Sun, 2 Dec 2012, Sergei Golubchik wrote:

Hi, Huzaifa!

Here's the vendor's reply:

On Dec 02, Huzaifa Sidhpurwala wrote:

* CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC
Zeroday http://seclists.org/fulldisclosure/2012/Dec/4 
https://bugzilla.redhat.com/show_bug.cgi?id=882599

A duplicate of CVE-2012-5579 Already fixed in all stable MariaDB
version.

Kurt - I suggest we REJECT CVE-2012-5579 and preserve
CVE-2012-5611 because of the strong likelihood that CVE-2012-5611
will be more commonly referenced in the very near future.

Sounds good to me

Please REJECT CVE-2012-5579 for this issue, instead please use
CVE-2012-5611 for this issue.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQvCczAAoJEBYNRVNeJnmTqH4P/3p3KwQhtxygikZTA9OiJsNi
28qG8CHFzxGB8pTrHfxNdHRzHi4IBjniIQUwJOcJKMQFhlIJRCTdgvw8pBGMROOK
Hy5EVCm0r+oWFt5SDNBEZ8blRoUiSwXxgDPB7Vv1ZsuSy2EbGDxXN1W+febjGhXA
klTg1r+PaxBEaU8n+mzvBc2vYnhCKY4x0Apu46VQt4k82K5KoXTYwSVJIfWmE4FB
53I6tiFZRoICCqjBlDGbha/V0YfwG7ehtPb7Tgq+3Wd9tC8kO8pG2eKcpEzYWXlL
kK02GadWEMdBxmhxkw7yxEYXnpE/fqiIgHjXR1fydlB+3dqs1yNvhbi/x5lMUsgJ
8y422iJyH+QOI6rKcZm2AEZEkEj+/DOtZ2v6VW4vS6EZGNQ5x6VgN/T9cG0kEFgx
pKe/n3EwC3FLkqFEtU5firwfmI+zNuFrYfst+36FLpPCVEV5Ulm7Dqge9zMPxS3g
uvP3vxJxkzFkWY1zShQf1cVpXKZPYjzvmGQKhIv4/00e5XqR/BpY7Zb08qNVngD0
CayQlMM6LX9T2eufouND7/mvmmC/njennqFXG+GM6pz9AFa8ouO/P6vJ/+Rsd6Kv
+/tDHl7DIpgzwarnNpCN6TMAmGwsL6FS+GSLwDnSIjmqy3XR8hLdmoHqqfiXXKRx
3ShgRXR8r1VZ24UKd6pP
=cozl
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]