oss-sec mailing list archives

Re: Re: MySQL - use-after-free after mysql_stmt_close()


From: Seth Arnold <seth.arnold () canonical com>
Date: Thu, 15 Jun 2017 14:37:40 -0700

On Thu, Jun 15, 2017 at 11:29:26AM -0600, kseifried () redhat com wrote:
> Well part of it would be the current test case of "does anyone care",
> e.g. do people actually use this/care enough to do the work to assign a
> CVE, if someone wants to spend their time being the CNA for
> stackoverflow and put out good CVEs I'm fine with that.

For stackoverflow and other sites in the stack exchange network I think
your time would be better spent downvoting answers and adding a comment
along the lines of:

    -1: This answer uses [foo which is insecure](link) and should use
    [bar which is safe](link) instead to protect against [attack
    name](link).

That way it will be visible in the same spot as the incorrect answer,
let the person who answered the question know they made a mistake, let the
person who asked the question know there was a mistake, and provide a
notice to the future about both what's wrong and what's better.

If it gets hidden because there are already too many comments, then get a
pal to upvote your comment to make it more likely to be visible by
default.

Upvote any answers without security problems. If there are no correct
answers, then provide a correct answer at the same time for extra credit.

Thanks
