Date: Thu, 11 Sep 2014 12:40:39 -0700 From: Ritwik Ghoshal <ritwik.ghoshal@...cle.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: MySQL: MyISAM temporary file issue On 9/11/2014 3:14 AM, John Haxby wrote: > On 11/09/14 09:22, Sven Kieske wrote: >> >> On 10/09/14 18:00, Salvatore Bonaccorso wrote: >>>> MyISAM temporary files could be used to mount a code-execution attack. >>>> (Bug #18045646). >> Funny enough, when you search for this bug on bugs.mysql.com you get: >> >> http://bugs.mysql.com/bug.php?id=18045646 >> >> "No such bug #18045646 or bug is referenced in the Oracle bug system." >> >> Is this marked as private or something like that? Even if it's public >> now? > > It's probably marked as a security bug so only those people with a need > to know can see it, even though it's public. > Yes, information about security bug is private. Also 18045646 is an internal tracking ID. Thanks, -Ritwik
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.