Date: Sun, 02 Dec 2012 21:14:43 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: Sergei Golubchik <serg@...monty.org>, oss-security@...ts.openwall.com,
        king cope <isowarez.isowarez.isowarez@...glemail.com>,
        todd@...ketstormsecurity.org, submit@...sec.com,
        Mitre CVE assign department <cve-assign@...re.org>,
        security@...iadb.org, security@...ql.com,
        Ritwik Ghoshal <ritwik.ghoshal@...cle.com>, moderators@...db.org
Subject: Re: Re: [Full-disclosure] MySQL (Linux) Stack based
 buffer overrun PoC Zeroday

On 12/02/2012 07:46 PM, Steven M. Christey wrote:
> 
> (removed the full-disclosure/bugtraq mailing lists, they don't need
> to be further spammed with minor CVE assignment details.)
> 
> 
> On Sun, 2 Dec 2012, Sergei Golubchik wrote:
> 
>> Hi, Huzaifa!
>> 
>> Here's the vendor's reply:
>> 
>> On Dec 02, Huzaifa Sidhpurwala wrote:
>>> 
>>> * CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC
>>> Zeroday http://seclists.org/fulldisclosure/2012/Dec/4 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=882599
>> 
>> A duplicate of CVE-2012-5579. Already fixed in all stable MariaDB
>> versions.
> 
> Kurt - I suggest we REJECT CVE-2012-5579 and preserve
> CVE-2012-5611 because of the strong likelihood that CVE-2012-5611
> will be more commonly referenced in the very near future.

Sounds good to me

Please REJECT CVE-2012-5579 for this issue, instead please use
CVE-2012-5611 for this issue.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

