Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5411FAB7.5010001@oracle.com>
Date: Thu, 11 Sep 2014 12:40:39 -0700
From: Ritwik Ghoshal <ritwik.ghoshal@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: MySQL: MyISAM temporary file issue

On 9/11/2014 3:14 AM, John Haxby wrote:
> On 11/09/14 09:22, Sven Kieske wrote:
>>
>> On 10/09/14 18:00, Salvatore Bonaccorso wrote:
>>>> MyISAM temporary files could be used to mount a code-execution attack.
>>>> (Bug #18045646).
>> Funny enough, when you search for this bug on bugs.mysql.com you get:
>>
>> http://bugs.mysql.com/bug.php?id=18045646
>>
>> "No such bug #18045646 or bug is referenced in the Oracle bug system."
>>
>> Is this marked as private or something like that? Even if it's public
>> now?
> 
> It's probably marked as a security bug so only those people with a need
> to know can see it, even though it's public.
> 

Yes, information about security bug is private. Also 18045646 is an
internal tracking ID.

Thanks,
-Ritwik

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.