Hello!
2015-12-23 16:39 GMT+02:00 Norvald H. Ryeng <norvald.ryeng@oracle.com>:
..
I know we are a bit tight with info about security issues upstream, but
all
security bugfixes are available at
https://github.com/mysql/mysql-server as
individual commits, and a list of CVEs fixed is reported quarterly
according
to a published schedule. Apparently that's not enough.
As a side note related to this, can you please tell us in what commit
CVE-2015-4913 and CVE-2015-4737 were fixed? You probably have access to
some
internal security tracker where you can look this up, and both CVEs are
already relatively old, so you would not be releasing any sensitive
security
info.