oss-security - CVE-2017-10788 for DBD::mysql (Re: Re: MySQL - use-after-free after mysql_stmt

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Mon, 3 Jul 2017 10:00:07 +0200
From: Pali Rohár <pali.rohar@...il.com>
To: Adam Maris <amaris@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: CVE-2017-10788 for DBD::mysql (Re: Re: MySQL -
 use-after-free after mysql_stmt_close())

On Thursday 15 June 2017 15:50:42 Adam Maris wrote:
> On Mon, 2017-06-12 at 23:47 +0200, Pali Rohár wrote:
> > Hello!
> > 
> > Any idea how to handle this particular problem?
> > 
> > 
> 
> Hi!
> 
> Given that Oracle (silently) updated the vulnerable example in their
> documentation, this likely indicates the way to handle this -
> applications that copied the vulnerable example needs to be fixed and
> CVEs will be assigned per application.
> 
> Best Regards,
> 

Hi! Just to note that Mitre now assigned CVE-2017-10788 for DBD::mysql:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788

-- 
Pali Rohár
pali.rohar@...il.com

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.