maria-developers team mailing list archive

Thread
Date

Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?

To: Sergei Golubchik <serg@xxxxxxxxxxx>
From: Otto Kekäläinen <otto@xxxxxxxxx>
Date: Mon, 26 Oct 2015 14:11:00 +0200
Cc: "maria-developers@xxxxxxxxxxxxxxxxxxx" <maria-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20151026093504.GA1609@meddwl.fritz.box>

2015-10-26 11:35 GMT+02:00 Sergei Golubchik <serg@xxxxxxxxxxx>:
>> The Debian security tracker
>> https://security-tracker.debian.org/tracker/source-package/mariadb-10.0
>> lists two CVEs as undetermined, can you say if CVE-2015-4737 and
>> CVE-2015-2620 affect MariaDB 10.0 or not?
>
> I can only guess.
>
> CVE-2015-4737 seems to be Oracle Bug#20181776.  If it is, then yes, all
> versions of MariaDB and MySQL (!) are affected. See MDEV-8269.

This CVE is fixed in MySQL 5.6 according to
https://security-tracker.debian.org/tracker/CVE-2015-4737

Follow ups

Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Sergei Golubchik, 2015-10-26

References

Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Christian Rebischke, 2015-10-23
Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Daniel Black, 2015-10-23
Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Sergei Golubchik, 2015-10-23
Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Christian Rebischke, 2015-10-25
Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Sergei Golubchik, 2015-10-25
Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Otto Kekäläinen, 2015-10-25
Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?
From: Sergei Golubchik, 2015-10-26