[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: BACKRONYM and CVE-2017-3305


On Wed, Mar 22, 2017 at 08:40:16PM +0100, Ola Lundqvist wrote:
> Hi again
> Now I have read the information in CVE-2017-3305 better. Now I understand
> that it is just the mysql-5.7 version that is definitely not affected.
> However it is still not clear to me whether the 5.5 version in jessie and
> wheezy is vulnerable to:
> - The BACKRONYM vulnerability?
> - CVE-2017-3305?
> I'm trying to understand this sentence:
> "... Later, Oracle tried to address the corresonding issue as well in 5.5
> and 5.6 series..."
> In what 5.5.x version was that addressed?

I have ammended the note to clarify which version tried to correct the
corresponding issue (*but* do *not* track CVE-2015-3152 for Oracle
MySQL, the CVE was specific to mariadb and percona).

The notes should hopefully be clear now. The CVE-2017-3305 will be
fixed by Oracle in the next Oracle CPU as promised by upstream.


Reply to: