Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 10 Apr 2015 15:58:33 +0200
From: Tomas Hoger <thoger@...hat.com>
To: Joshua Rogers <oss@...ernot.info>
Cc: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: MySQL Null Pointer Dereference

On Fri, 10 Apr 2015 18:46:47 +1000 Joshua Rogers wrote:

> Could I get a CVE-ID assigned for this bug?:
> https://bugs.mysql.com/bug.php?id=75372

I believe this kind of issues is not considered security / needing CVE
without further justification.  The problem here only occurs if
malloc(small_value) fails.  Considering how small the value is and that
it's not attacker controlled, it's fairly non-obvious if attacker has
any practical chance of triggering this bug.

-- 
Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ