HELP Unsubscribe

On Tue, Jun 12, 2012 at 5:00 AM, <evergreen-requ...@lists.rosenauer.org>
wrote:

> Send Evergreen mailing list submissions to
>         evergreen@lists.rosenauer.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.rosenauer.org/mailman/listinfo/evergreen
> or, via email, send a message with subject or body 'help' to
>         evergreen-requ...@lists.rosenauer.org
>
> You can reach the person managing the list at
>         evergreen-ow...@lists.rosenauer.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Evergreen digest..."
>
>
> Today's Topics:
>
>    1. mysql vulnerability - 11.2 affected? (Christian Boltz)
>    2. Re: mysql vulnerability - 11.2 affected? (Marcus Meissner)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 11 Jun 2012 19:06:33 +0200
> From: Christian Boltz <evergr...@cboltz.de>
> To: evergreen@lists.rosenauer.org
> Subject: [Evergreen] mysql vulnerability - 11.2 affected?
> Message-ID: <2262686.dmqojve...@tux.boltz.de.vu>
> Content-Type: text/plain; charset="iso-8859-15"
>
> Hello,
>
> short, but important notification: there's a "funny" bug in mysql - it
> sometimes lets you login even with a wrong password.
>
> See https://bugzilla.novell.com/show_bug.cgi?id=766428 for details, a
> reproducer and (in the oss-sec link) a patch.
>
> I don't have a 11.2 installation which means I can't test this myself -
> but from the mysql version number I'd guess it shares this issue. Can
> someone please test this (and, if needed, prepare a fixed mysql package
> for 11.2 evergreen ;-) ?
>
> On the positive side: mysql on openSUSE 11.1 is not vulnerable.
>
>
> Regards,
>
> Christian Boltz
> --
> Expected Results:
> This is Linux. Kernel and crash are mutually exclusive :-)
> [Volker Kuhlmann in https://bugzilla.novell.com/show_bug.cgi?id=743936]
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 11 Jun 2012 21:53:51 +0200
> From: Marcus Meissner <meiss...@suse.de>
> To: Christian Boltz <evergr...@cboltz.de>
> Cc: evergreen@lists.rosenauer.org
> Subject: Re: [Evergreen] mysql vulnerability - 11.2 affected?
> Message-ID: <20120611195351.go17...@suse.de>
> Content-Type: text/plain; charset=us-ascii
>
> On Mon, Jun 11, 2012 at 07:06:33PM +0200, Christian Boltz wrote:
> > Hello,
> >
> > short, but important notification: there's a "funny" bug in mysql - it
> > sometimes lets you login even with a wrong password.
> >
> > See https://bugzilla.novell.com/show_bug.cgi?id=766428 for details, a
> > reproducer and (in the oss-sec link) a patch.
> >
> > I don't have a 11.2 installation which means I can't test this myself -
> > but from the mysql version number I'd guess it shares this issue. Can
> > someone please test this (and, if needed, prepare a fixed mysql package
> > for 11.2 evergreen ;-) ?
> >
> > On the positive side: mysql on openSUSE 11.1 is not vulnerable.
>
> It really depends on the processor platform and the compiler used,
> e.g. if a optimized memcmp is in use or just the traditional bytewise
> compare.
>
> Ciao, Marcus
>
>
> ------------------------------
>
> _______________________________________________
> Evergreen mailing list
> Evergreen@lists.rosenauer.org
> http://lists.rosenauer.org/mailman/listinfo/evergreen
>
>
> End of Evergreen Digest, Vol 19, Issue 1
> ****************************************
>



-- 
===========================================================================================
GOD gave us stewardship over everything we can do.
  A *stewardship is *the responsibility of overseeing the protection of
something considered worth caring for and preserving.
===========================================================================================
This electronic mail message contains information which is (a) LEGALLY
PRIVILEGED, PROPRIETARY IN NATURE, OR OTHERWISE PROTECTED BY LAW FROM
DISCLOSURE, and (b) intended only for the use of the Addressee name(s)
herein. If you are not the Addressee(s), or the person responsible for
delivering this to the Addressee(s), you are hereby notified that reading,
copying, or distributing this message is prohibited.* If you have received
this electronic mail message in error, please immediately contact us by
email and/or telephone.* Then* take steps necessary to delete the message
and attachments completely from your computer system.*
===========================================================================================
_______________________________________________
Evergreen mailing list
Evergreen@lists.rosenauer.org
http://lists.rosenauer.org/mailman/listinfo/evergreen

Reply via email to