Date: Wed, 27 Jun 2012 13:47:05 +0200 From: Tomas Hoger <thoger@...hat.com> To: secalert_us@...cle.com Cc: oss-security@...ts.openwall.com, serg@...typrogram.com Subject: Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) On Mon, 18 Jun 2012 18:50:01 +0200 Tomas Hoger wrote: > Additionally, following bugs try to collect info on MySQL security > fixes in the last released and an upcoming Oracle CPU: > > https://bugzilla.redhat.com/show_bug.cgi?id=832477 > https://bugzilla.redhat.com/show_bug.cgi?id=832540 > > It would be nice if Oracle could confirm the mapping between CVEs and > particular issues to avoid any incorrect guesses. I was really hoping to see some comments form Oracle security team and an explicit confirmation of the correct CVE guesses. Is there a good reason why CVE mapping for public issues can not be provided? Thank you! -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.