On 14.09.2016 04:50, Roberto C. Sánchez wrote: [...] > Does anyone have any thoughts on the matter? Maybe you should contact Dawid Golunski who published the advisory and ask him to clarify the issue. As I understand it CVE-2016-6662 is fixed in version 5.5.52 which is confirmed by the official changelog in my opinion. [1] The fixed issues described in there match what is written in the security advisory from Dawid. We can only be sure when Oracle will release the next CPU in October and the CVEs will be referenced but I don't think we need to wait for that to happen. Regards, Markus [1] https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
Attachment:
signature.asc
Description: OpenPGP digital signature