Date: Thu, 11 Sep 2014 15:53:03 +0200 From: Tomas Hoger <thoger@...hat.com> To: Sven Kieske <s.kieske@...twald.de> Cc: <oss-security@...ts.openwall.com> Subject: Re: CVE Request: MySQL: MyISAM temporary file issue On Thu, 11 Sep 2014 10:22:13 +0200 Sven Kieske wrote: > On 10/09/14 18:00, Salvatore Bonaccorso wrote: > > > MyISAM temporary files could be used to mount a code-execution > > attack. (Bug #18045646). > > Funny enough, when you search for this bug on bugs.mysql.com you get: > > http://bugs.mysql.com/bug.php?id=18045646 > > "No such bug #18045646 or bug is referenced in the Oracle bug system." > > Is this marked as private or something like that? Even if it's public > now? Too many digits for bugs.mysql.com bug ids, those tends to have no more than 5 digits. As the error message you got suggests - it's likely an id in some internal bug tracking system. Don't expect it to be useful for anything else than matching release notes entry to bzr commit. Also note that security fixes are not mentioned in release notes for some time - inclusion of this one is likely an omission rather than intention. -- Tomas Hoger / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.