Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Sep 2014 10:15:43 -0400
From: Marc Deslauriers <>
 Ritwik Ghoshal <>
CC: CVE Assignments MITRE <>,
Subject: Re: CVE Request: MySQL: MyISAM temporary file issue

On 14-09-11 10:39 AM, Tomas Hoger wrote:
> On Wed, 10 Sep 2014 10:28:53 -0700 Ritwik Ghoshal wrote:
>> Please use CVE-2014-4274 for this issue.
>> Please send an email to to contact Oracle for
>> any security vulnerability related issues.
> As pointed out in this Gentoo bug, release notes for the mentioned
> MySQL versions list another issue that seems to be security:
> 3) An off-by-one error related to certificate decoding in yaSSL can be
> exploited to cause a buffer overflow.

There is also mention of:

"Clients could determine based on connection error message content whether an
account existed. (Bug #16513435, Bug #17357528, Bug #19273967)"

I believe this is the fix for CVE-2012-5615, and is fixed with the following commit:


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ