Hi, Otto!

On Oct 26, Otto Kekäläinen wrote:
> 2015-10-26 11:35 GMT+02:00 Sergei Golubchik <[email protected]>:
> >> The Debian security tracker
> >> https://security-tracker.debian.org/tracker/source-package/mariadb-10.0
> >> lists two CVEs as undetermined, can you say if CVE-2015-4737 and
> >> CVE-2015-2620 affect MariaDB 10.0 or not?
> >
> > I can only guess.
> >
> > CVE-2015-4737 seems to be Oracle Bug#20181776. If it is, then yes, all
> > versions of MariaDB and MySQL (!) are affected. See MDEV-8269.
>
> This CVE is fixed in MySQL 5.6 according to
> https://security-tracker.debian.org/tracker/CVE-2015-4737

I know. Oracle CPU from July 2015 lists it as fixed. But that commit
fixes only one specific use case. There is no complete solution for
Bug#20181776 either in MySQL or in MariaDB. Again, please see MDEV-8269.

Disclaimer: CVE-2015-4737 may not be Bug#20181776 at all.

Regards,
Sergei

