Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 11 Sep 2014 15:53:03 +0200
From: Tomas Hoger <thoger@...hat.com>
To: Sven Kieske <s.kieske@...twald.de>
Cc: <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: MySQL: MyISAM temporary file issue

On Thu, 11 Sep 2014 10:22:13 +0200 Sven Kieske wrote:

> On 10/09/14 18:00, Salvatore Bonaccorso wrote:
>
> > MyISAM temporary files could be used to mount a code-execution
> > attack. (Bug #18045646).
> 
> Funny enough, when you search for this bug on bugs.mysql.com you get:
> 
> http://bugs.mysql.com/bug.php?id=18045646
> 
> "No such bug #18045646 or bug is referenced in the Oracle bug system."
> 
> Is this marked as private or something like that? Even if it's public
> now?

Too many digits for bugs.mysql.com bug ids, those tends to have no more
than 5 digits.  As the error message you got suggests - it's likely an
id in some internal bug tracking system.  Don't expect it to be useful
for anything else than matching release notes entry to bzr commit.

Also note that security fixes are not mentioned in release notes for
some time - inclusion of this one is likely an omission rather than
intention.

-- 
Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.