maria-developers team mailing list archive

Thread
Date

Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?

To: Christian Rebischke <chris.rebischke@xxxxxxxxx>
From: Daniel Black <daniel.black@xxxxxxxxxxxxxxxx>
Date: Sat, 24 Oct 2015 05:28:29 +1000 (EST)
Cc: maria-developers <maria-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20151023164728.GA14750@trudy>
Thread-index: 6pq1QmpDzXNFwW/nmKSF7c1/4DtTEg==
Thread-topic: Several CVE's in Oracle MySQL, is MariaDB vulnerable?


----- On 24 Oct, 2015, at 3:47 AM, Christian Rebischke chris.rebischke@xxxxxxxxx wrote:

> Hello everyone,
> Sorry when I am on the wrong mailinglist. I wanted to submit a bugreport or
> issue for this but I can't signup for your JIRA because of license reasons.

Keen to know which conditions where a problem. May affect other people.

> I am from the Archlinux-Security Team and want to ask if mariadb in the actual
> version is vulnerable to the following CVEs:
> 
> CVE-2015-4913 CVE-2015-4910 CVE-2015-4905 CVE-2015-4904 CVE-2015-4895
> CVE-2015-4890 CVE-2015-4879 CVE-2015-4870 CVE-2015-4862 CVE-2015-4864
> CVE-2015-4861 CVE-2015-4858 CVE-2015-4836 CVE-2015-4833 CVE-2015-4830
> CVE-2015-4826 CVE-2015-4819 CVE-2015-4815 CVE-2015-4807 CVE-2015-4802
> CVE-2015-4800 CVE-2015-4792 CVE-2015-4791 CVE-2015-4766
> 
> I hope you can help me.

Of course, listed here:

https://mariadb.com/kb/en/mariadb/security/

Its only got the fixed versions rather than which versions vulnerabilities where introduced. Is this sufficient?


-- 
Daniel Black, Engineer @ Open Query (http://openquery.com.au)
Remote expertise & maintenance for MySQL/MariaDB server environments.

Follow ups

Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Sergei Golubchik, 2015-10-23

References

Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Christian Rebischke, 2015-10-23