Re: Zero Day MySQL Buffer Overflow

To: debian-security@lists.debian.org
Subject: Re: Zero Day MySQL Buffer Overflow
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Tue, 4 Dec 2012 18:55:18 +0100
Message-id: <[🔎] 5c2a10f757fc106f71b0eff25df3a2cf.squirrel@aphrodite.kinkhorst.nl>
In-reply-to: <[🔎] CAASvXNsUEOO_bhZ-0EZ+Ln_-oqK8YuLAscD+B5tcPBsBamxQyQ@mail.gmail.com>
References: <[🔎] CAASvXNtPcoqmGM6ikwFoPXdBOv5jfPnM0m8nZ+dG3DfkdONATg@mail.gmail.com> <[🔎] 50BCDAB5.5040505@igalia.com> <CAASvXNviGr4D3bwJ26gmYWn6nJ6bEy0La=4PCqz6NbxP4_qkUQ@mail.gmail.com> <[🔎] CAASvXNsUEOO_bhZ-0EZ+Ln_-oqK8YuLAscD+B5tcPBsBamxQyQ@mail.gmail.com>

Hi Daniel,

On Tue, December 4, 2012 18:33, daniel curtis wrote:
> Thank You, I should look there first (Security Tracker). But I see,
> that two of three CVE's are marked as 'vulnerable' for  all branches;
> stable, testing and unstable. Frankly, only first CVE is Fixed for
> Squeeze.
> It is normal?

They are indeed still pending a fix; because other issues in MySQL were
reported in the mean time an update for those issues (see DSA text for
id's) was released. The issue you mention will be fixed as soon as we have
a working fix.

Cheers,
Thijs

Reply to:

References:
- Zero Day MySQL Buffer Overflow
  - From: daniel curtis <sidetripping@gmail.com>
- Re: Zero Day MySQL Buffer Overflow
  - From: Carlos Alberto Lopez Perez <clopez@igalia.com>
- Re: Zero Day MySQL Buffer Overflow
  - From: daniel curtis <sidetripping@gmail.com>

Prev by Date: Re: Zero Day MySQL Buffer Overflow
Next by Date: About default init umask , and kernel umask, cron umask
Previous by thread: Re: Zero Day MySQL Buffer Overflow
Next by thread: Re: Zero Day MySQL Buffer Overflow
Index(es):
- Date
- Thread