BACKRONYM and CVE-2017-3305

[Ola Lundqvist <ola@inguza.com>]

Hi LTS team and Security team

I have started to look into CVE-2017-3305. As I understand both stable

and oldstable are unaffected by this vulnerability. The reason is that this is

an amendment of the correction for the BACKRONYM vulnerability.

What I do not understand however is whether mysql is vulnerable to the

backronym vulnerability or not.

I can not find any CVE for the BACKRONYM vulnerability. Or rather I can find it but that one is only for mariadb and percona https://security-tracker.debian.org/tracker/CVE-2015-3152.

Do any of you know whether the BACKRONYM has been fixed in mysql-5.5?

I thought I should ask before actually trying to reproduce it.

Best regards

// Ola

--

 --- Inguza Technology AB --- MSc in Information Technology ----

/  ola@inguza.com                    Folkebogatan 26            \

|  opal@debian.org                   654 68 KARLSTAD            |

|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

 ---------------------------------------------------------------