Package: mysql-5.5 Severity: grave Tags: security Justification: user security hole
Exploits for new MySQL issues have been posted to the full-disclosure mailing list. This mail summarises the current state of affairs: CVE-2012-5611 (formerly tracked as CVE-2012-5579) Exploit: http://seclists.org/fulldisclosure/2012/Dec/4 Patch already available through mariadb. CVE-2012-5612 Exploit: http://seclists.org/fulldisclosure/2012/Dec/5 mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3908 CVE-2012-5613 Exploit: http://seclists.org/fulldisclosure/2012/Dec/6 This was discussed to be intended behaviour: http://seclists.org/oss-sec/2012/q4/388 CVE-2012-5614 Exploit: http://seclists.org/fulldisclosure/2012/De mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3910 CVE-2012-5615 Exploit: http://seclists.org/fulldisclosure/2012/Dec/9 mariadb bug: https://mariadb.atlassian.net/browse/MDEV-3909 Cheers, Moritz _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
