[oss-security] MySQL 0-day - does it need a CVE?

https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

We are releasing a working MySQL 5.5.20 remote 0day exploit with this
update.The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb
on Debian 6.0.

Best,
Intevydis Ltd.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8xdTEACgkQY8Flb3OI+Q2zXwCfQL5y+R8n+ipdMYIRdoVPkEdF
yeoAn26p3KmY0+WYFqKrb9/A3frNo2Xm
=m+1k
-----END PGP SIGNATURE-----

Does this need a CVE # or have you already gotten one from Mitre?

-- Kurt Seifried Red Hat Security Response Team (SRT)

• This message: [ Message body ]
• Next message: Henri Salo: "Re: [oss-security] MySQL 0-day - does it need a CVE?"
• Previous message: Djalal Harouni: "Re: [oss-security] Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access)"
• Next in thread: Henri Salo: "Re: [oss-security] MySQL 0-day - does it need a CVE?"
• Reply: Henri Salo: "Re: [oss-security] MySQL 0-day - does it need a CVE?"
• Reply: Henri Salo: "Re: [oss-security] MySQL 0-day - does it need a CVE?"
• Reply: Tomas Hoger: "Re: [oss-security] MySQL 0-day - does it need a CVE?"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]