[MDEV-12043] CVE-2017-3313 - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.54, 10.1.20, 10.1.21
Fix Version/s: 5.5.55, 10.0.30, 10.1.22, 10.2.5
Component/s: Server
Labels:
None

Description

Hello,

a CVE-2017-3313 were revealed and solved by the Oracle in the MySQL project, however it was not delivered with the MariaDB 10.1.21 version (or mentioned in release notes)

Attachments

Activity

Ascending order - Click to sort in descending order

Sergei Golubchik added a comment - 2017-02-20 15:36

Unfortunately, the security researcher decided to inform us about this vulnerability only after we've released 5.5.54, so we couldn't have fixed it there. Also, MySQL "solution" changes the existing behavior and does not fix the vulnerability anyway, that's why we didn't merge it. We already have a fix for this issue, it'll be part of 5.5.55, 10.0.30, 10.1.22

Sergei Golubchik added a comment - 2017-02-20 15:36 Unfortunately, the security researcher decided to inform us about this vulnerability only after we've released 5.5.54, so we couldn't have fixed it there. Also, MySQL "solution" changes the existing behavior and does not fix the vulnerability anyway, that's why we didn't merge it. We already have a fix for this issue, it'll be part of 5.5.55, 10.0.30, 10.1.22

Michal Schorm added a comment - 2017-02-20 16:13

Thanks for the info.

I filed this bug mostly to make sure both you and me won't overlooked it.

Michal Schorm added a comment - 2017-02-20 16:13 Thanks for the info. I filed this bug mostly to make sure both you and me won't overlooked it.

People

Assignee:: Sergei Golubchik

Reporter:: Michal Schorm

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017-02-10 14:20

Updated:: 2017-02-27 13:40

Resolved:: 2017-02-27 13:40

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server