Hi, Brian!

Thanks. I've updated the security page now.
I think that CVE-2015-4757 is fixed in 5.5.43 (and 10.0.18), and
  CVE-2015-4752
  CVE-2015-2648
  CVE-2015-2643 
  CVE-2015-2582
are fixed in 5.5.44 (and 10.0.20).

While I cannot be sure what CVE-2015-4737 and CVE-2015-2620 are about,
I suspect that the first is
https://github.com/mysql/mysql-server/commit/c655515d and the second is
https://github.com/mysql/mysql-server/commit/fdae90dd.

If that's right, then the first is intentional behavior, not a bug.
I believe that changing it might break user applications (esp. backups).

The second isn't a fix at all, it only covers one very specific case.
I've created MDEV-8269 to have this bug properly fixed.

Regards,
Sergei

On Aug 13, Brian Evans wrote:
> The quarterly CVE list from Oracle was published[1].
> The following CVEs are listed there affecting 5.5, but not listed on
> the MariaDB security page[2].
> 
> CVE-2015-4757
> CVE-2015-4752
> CVE-2015-2648
> CVE-2015-2643
> CVE-2015-2582
> CVE-2015-4737
> CVE-2015-2620
> 
> Are they fixed with 5.5.45 and 10.0.21, or any other version?
> 
> Brian
> 
> [1] http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
> [2] https://mariadb.com/kb/en/mariadb/security/
> 

_______________________________________________
Mailing list: https://launchpad.net/~maria-discuss
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~maria-discuss
More help   : https://help.launchpad.net/ListHelp