Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 3 Jul 2017 10:00:07 +0200
From: Pali Rohár <pali.rohar@...il.com>
To: Adam Maris <amaris@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: CVE-2017-10788 for DBD::mysql (Re: Re: MySQL -
 use-after-free after mysql_stmt_close())

On Thursday 15 June 2017 15:50:42 Adam Maris wrote:
> On Mon, 2017-06-12 at 23:47 +0200, Pali Rohár wrote:
> > Hello!
> > 
> > Any idea how to handle this particular problem?
> > 
> > 
> 
> Hi!
> 
> Given that Oracle (silently) updated the vulnerable example in their
> documentation, this likely indicates the way to handle this -
> applications that copied the vulnerable example needs to be fixed and
> CVEs will be assigned per application.
> 
> Best Regards,
> 

Hi! Just to note that Mitre now assigned CVE-2017-10788 for DBD::mysql:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788

-- 
Pali Rohár
pali.rohar@...il.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ