Date: Mon, 23 Nov 2009 16:08:51 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: mysql-5.1.41 As best as I can tell, we only need one CVE id (two issues, but one already has an id). MySQL clients before version 5.1.41 linked against OpenSSL would not properly check certificates presented by a MySQL server linked against yaSSL. This could possibly lead to a man in the middle type of attack on the SSL connection. http://bugs.mysql.com/bug.php?id=47320 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html Thanks. -- JB ----- "Oden Eriksson" <oeriksson@...driva.com> wrote: > Hello. > > The new mysql release mentions two security issues that has been > addressed, > anyone knows more about that? I guess it would need some CVE > assignment as > well. > > http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html > > -- > Regards // Oden Eriksson > Security team manager - Mandriva
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.