Message-ID: <518516022.608081259010531168.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Mon, 23 Nov 2009 16:08:51 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: mysql-5.1.41

As best as I can tell, we only need one CVE id (two issues, but one already has
an id).

MySQL clients before version 5.1.41 linked against OpenSSL would not properly
check certificates presented by a MySQL server linked against yaSSL. This could
possibly lead to a man-in-the-middle type of attack on the SSL connection.

http://bugs.mysql.com/bug.php?id=47320
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

Thanks.

-- 
    JB


----- "Oden Eriksson" <oeriksson@...driva.com> wrote:

> Hello.
> 
> The new mysql release mentions two security issues that have been
> addressed, does anyone know more about that? I guess it would need some
> CVE assignment as well.
> 
> http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
> 
> -- 
> Regards // Oden Eriksson
> Security team manager - Mandriva
