Date: Fri, 10 Apr 2015 15:58:33 +0200 From: Tomas Hoger <thoger@...hat.com> To: Joshua Rogers <oss@...ernot.info> Cc: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: CVE Request: MySQL Null Pointer Dereference On Fri, 10 Apr 2015 18:46:47 +1000 Joshua Rogers wrote: > Could I get a CVE-ID assigned for this bug?: > https://bugs.mysql.com/bug.php?id=75372 I believe this kind of issues is not considered security / needing CVE without further justification. The problem here only occurs if malloc(small_value) fails. Considering how small the value is and that it's not attacker controlled, it's fairly non-obvious if attacker has any practical chance of triggering this bug. -- Tomas Hoger / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.