![]() |
|
Date: Fri, 10 Apr 2015 15:58:33 +0200 From: Tomas Hoger <thoger@...hat.com> To: Joshua Rogers <oss@...ernot.info> Cc: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: CVE Request: MySQL Null Pointer Dereference On Fri, 10 Apr 2015 18:46:47 +1000 Joshua Rogers wrote: > Could I get a CVE-ID assigned for this bug?: > https://bugs.mysql.com/bug.php?id=75372 I believe this kind of issues is not considered security / needing CVE without further justification. The problem here only occurs if malloc(small_value) fails. Considering how small the value is and that it's not attacker controlled, it's fairly non-obvious if attacker has any practical chance of triggering this bug. -- Tomas Hoger / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.