Re: [oss-security] MySQL 0-day - does it need a CVE?

From: Henri Salo <henri_at_nospam>
Date: Thu Feb 09 2012 - 20:09:44 GMT
To: oss-security@lists.openwall.com

On Thu, Feb 09, 2012 at 10:20:14AM -0700, Kurt Seifried wrote:
> https://lists.immunityinc.com/pipermail/canvas/2012-February/000011.html
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> We are releasing a working MySQL 5.5.20 remote 0day exploit with this
> update.The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb
> on Debian 6.0.
>
> Best,
> Intevydis Ltd.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk8xdTEACgkQY8Flb3OI+Q2zXwCfQL5y+R8n+ipdMYIRdoVPkEdF
> yeoAn26p3KmY0+WYFqKrb9/A3frNo2Xm
> =m+1k
> -----END PGP SIGNATURE-----
>
> Does this need a CVE # or have you already gotten one from Mitre?
>
> --
> Kurt Seifried Red Hat Security Response Team (SRT)

Oracle MySQL Server CVE-2012-0492 Remote MySQL Server Vulnerability â€“ http://www.securityfocus.com/bid/51516

- Henri Salo

This message: [ Message body ]
Next message: Solar Designer: "Re: [oss-security] MySQL 0-day - does it need a CVE?"
Previous message: Henri Salo: "Re: [oss-security] MySQL 0-day - does it need a CVE?"
In reply to: Kurt Seifried: "[oss-security] MySQL 0-day - does it need a CVE?"
Next in thread: Solar Designer: "Re: [oss-security] MySQL 0-day - does it need a CVE?"
Reply: Solar Designer: "Re: [oss-security] MySQL 0-day - does it need a CVE?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]