Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 15 Mar 2013 00:00:57 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, "Christey, Steven M." <coley@...re.org>,
        security@...cle.com
Subject: CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I was hoping Oracle would assign a CVE for this publicly since it
also affects MySQL but it's been a week and we haven't seen anything
from them anywhere (public or private).

So for the MySQL/MariaDB geometry issues:

https://mariadb.atlassian.net/browse/MDEV-4252
http://bugs.mysql.com/bug.php?id=68591
http://lists.askmonty.org/pipermail/commits/2013-March/004371.html
https://bugzilla.redhat.com/show_bug.cgi?id=919247

So we've assigned CVE-2013-1861 for this issue.

I apologize in advance if Oracle has assigned a CVE for this issue,
but they haven't communicated it to anyone, so in future this problem
can easily be avoided by simply posting the assigned CVE to
OSS-Security and everyone will know.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRQrkYAAoJEBYNRVNeJnmTtIwP/A66nP+n7jtlMR8QZhKme1Pl
Mnmw7bKy7byPWvoqwq6F61CCWmdtF0XEdjnhtafBZF45qTMgRitpy5rKfKoTbl5f
m5NjahPQIOOn2IXJ1WaNsVMQjskJ/wXXJW4CW24Lc6M39Dmk8rYhHKa98G5rmdFh
jh3T/agIkRBla2wzFDDBqXh96Clkhunm7GbiRzzwdIXLWSbnnq452EatRql5Y0hT
eQA+/oz3iNlqlIFO5elylwJyna222Q2vehT2rZe+n60rFIP9CrSK4XFgQsR3RaQ5
cV1r4mpX4v5V61f3RhhjPcYRZPM/Gjhcf+TdhNc2dZkbSPl8axjP5G9PGje35sAO
5MbT6zRru2oAglew7agm1Bc2UQv9ZcI+1/HaOhIeFIX6iA3kK3n3pJ/mdJVRWOkM
dVTuI6gajVTMOxEVZFAqOzUxhW7w/tqdWJl78IhFjcsRMLr8Kn2b1sHKXTDKiG/Y
xLhoD13WCslqqsjW/KvrnKAqKLjCXe7kNOUJmq6J+ndBBmB6dFrGn8pRA2FhOnu+
zZrYk6N3lpgf3fCQfBBsK9nXGV9JGvqjJRp2Ky487nDMYNky1hFYHHHjj4epV3ID
9+lfOSh1lT17c+K+Yf/ulbj28IexUjid5x1W9M8FNN/LUtnNUE1/rWy4Q6gDW5S9
K0g3b7TFx1oe42UrHCyt
=Wtjr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ