Author: carnil
Date: 2016-10-27 20:06:32 +0000 (Thu, 27 Oct 2016)
New Revision: 45675
Modified:
data/CVE/list
Log:
Update information for MariaDB fixes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-27 19:29:19 UTC (rev 45674)
+++ data/CVE/list 2016-10-27 20:06:32 UTC (rev 45675)
@@ -1936,6 +1936,7 @@
- mysql-5.5 <removed>
[jessie] - mysql-5.5 5.5.52-0+deb8u1
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
+ NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-8282
RESERVED
CVE-2016-8281 (Unspecified vulnerability in the Oracle Platform Security for
Java ...)
@@ -4554,10 +4555,11 @@
RESERVED
CVE-2016-7440
RESERVED
- - mariadb-10.0 <undetermined>
+ - mariadb-10.0 <unfixed>
- mysql-5.7 <unfixed> (bug #841163)
- mysql-5.6 <unfixed> (bug #841049)
- mysql-5.5 <removed> (bug #841050)
+ NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
CVE-2016-7439
RESERVED
CVE-2016-7438
@@ -6746,7 +6748,7 @@
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
NOTE: Fixed by:
https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805
NOTE: Fixed by:
https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291
- NOTE: Fixed in MariaDB: 5.5.52, 10.1.18
+ NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
NOTE: Fixed in Oracle MySQL: 5.5.52, 5.6.33, and 5.7.15.
NOTE: Duplicate CVE from Oracle: CVE-2016-5616, cf.
https://bugzilla.redhat.com/show_bug.cgi?id=1378936#c4
CVE-2016-6662 (Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x
through ...)
@@ -10526,6 +10528,7 @@
- mysql-5.5 <removed>
[jessie] - mysql-5.5 5.5.52-0+deb8u1
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
+ NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5628 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier
allows ...)
- mysql-5.7 5.7.15-1
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
@@ -10541,6 +10544,7 @@
- mysql-5.5 <removed>
[jessie] - mysql-5.5 5.5.52-0+deb8u1
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
+ NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5625 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier
allows ...)
- mysql-5.7 5.7.15-1
- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
@@ -10552,6 +10556,7 @@
- mysql-5.5 <removed>
[jessie] - mysql-5.5 5.5.52-0+deb8u1
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
+ NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5623
RESERVED
CVE-2016-5622 (Unspecified vulnerability in the Oracle FLEXCUBE Universal
Banking ...)
@@ -10579,6 +10584,7 @@
[jessie] - mysql-5.5 5.5.52-0+deb8u1
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
NOTE: This is a Oracle assigned duplicate for CVE-2016-6663
+ NOTE: Equivalently fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB
10.0.28
CVE-2016-5615 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows
local ...)
NOT-FOR-US: Solaris
CVE-2016-5614
@@ -10665,10 +10671,11 @@
CVE-2016-5585 (Unspecified vulnerability in the Oracle Interaction Center ...)
TODO: check
CVE-2016-5584 (Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier,
5.6.33 ...)
- - mariadb-10.0 <undetermined>
+ - mariadb-10.0 <unfixed>
- mysql-5.7 <unfixed> (bug #841163)
- mysql-5.6 <unfixed> (bug #841049)
- mysql-5.5 <removed> (bug #841050)
+ NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
CVE-2016-5583 (Unspecified vulnerability in the Oracle One-to-One Fulfillment
...)
TODO: check
CVE-2016-5582 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111,
8u102; and ...)
@@ -17566,6 +17573,7 @@
- mysql-5.5 <removed>
[jessie] - mysql-5.5 5.5.52-0+deb8u1
[wheezy] - mysql-5.5 5.5.52-0+deb7u1
+ NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-3491 (Unspecified vulnerability in the Oracle CRM Technical
Foundation ...)
TODO: check
CVE-2016-3490 (Unspecified vulnerability in the Oracle Transportation
Management ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
