Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20120627134705.4688e5a0@redhat.com>
Date: Wed, 27 Jun 2012 13:47:05 +0200
From: Tomas Hoger <thoger@...hat.com>
To: secalert_us@...cle.com
Cc: oss-security@...ts.openwall.com, serg@...typrogram.com
Subject: Re: MySQL CVEs (was: Security vulnerability in
 MySQL/MariaDB sql/password.c)

On Mon, 18 Jun 2012 18:50:01 +0200 Tomas Hoger wrote:

> Additionally, following bugs try to collect info on MySQL security
> fixes in the last released and an upcoming Oracle CPU:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=832477
> https://bugzilla.redhat.com/show_bug.cgi?id=832540
> 
> It would be nice if Oracle could confirm the mapping between CVEs and
> particular issues to avoid any incorrect guesses.

I was really hoping to see some comments form Oracle security team and
an explicit confirmation of the correct CVE guesses.  Is there a good
reason why CVE mapping for public issues can not be provided?

Thank you!

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.