maria-discuss team mailing list archive
Mailing list archive
Re: Latest round of Oracle CVE status on MariaDB
Thanks. I've updated the security page now.
I think that CVE-2015-4757 is fixed in 5.5.43 (and 10.0.18), and
are fixed in 5.5.44 (and 10.0.20).
While I cannot be sure what CVE-2015-4737 and CVE-2015-2620 are about,
I suspect that the first is
https://github.com/mysql/mysql-server/commit/c655515d and the second is
If that's right, than the first is intentional behavior, not a bug.
I believe that changing it might break user applications (esp. backups).
The second isn't a fix it all, it only covers one very specific case.
I've created MDEV-8269 to have this bug properly fixed.
On Aug 13, Brian Evans wrote:
> The quarterly CVE list from oracle was published.
> The following CVEs are listed there affecting 5.5, but not listed on
> the MariaDB security page.
> Are they fixed with 5.5.45 and 10.0.21, or any other version?
>  http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
>  https://mariadb.com/kb/en/mariadb/security/