Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d271f45d by Salvatore Bonaccorso at 2018-01-28T23:15:32+01:00
Add note for CVE-2017-15365 and older mariadb versions
The issue is possibly only introduced in the MariaDB 10.1 series when
merging Galera changes back. If this is true, then mariadb-10.0 will
not-affected, and so as well the Oracle MySQL products.
State: Unconfirmed.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -21549,6 +21549,8 @@ CVE-2017-15365 (sql/event_data_objects.cc in MariaDB
before 10.1.30 and 10.2.x b
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234
NOTE:
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
NOTE: Likely (unconfirmed) fix:
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
+ NOTE: Possibly only introduced with
https://github.com/MariaDB/server/commit/df4dd593f29aec8e2116aec1775ad4b8833d8c93
(mariadb-10.1.1)
+ NOTE: starting to be present in mariadb-10.1.1.
CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote
...)
NOT-FOR-US: ccsv
CVE-2017-15363 (Directory traversal vulnerability in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d271f45d1894acad7d1429f2f031dc5f4d9ac059
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d271f45d1894acad7d1429f2f031dc5f4d9ac059
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
