[#MDEV-10240] Is CVE-2012-2750 included in 10.0.1.13+ ?

[MDEV-10240] Is CVE-2012-2750 included in 10.0.1.13+ ? Created: 2016-06-15 Updated: 2016-06-15 Resolved: 2016-06-15
Status:	Closed
Project:	MariaDB Server
Component/s:	Documentation
Affects Version/s:	10.1.13
Fix Version/s:	N/A

Type:

Bug

Priority:

Critical

Reporter:

Sven Werner

Assignee:

Ian Gilfillan

Resolution:

Not a Bug

Votes:

Labels:

None

Environment:

Windows 2008

Description

Hi,

a security scan of our 2008 server shows the critical CVE-2012-2750 in the list.
I can see this has been fixed for 5.5.23. We use XAMPP 7.0.6 which includes MariaDB 10.1.13. It seems the fix did not make it to v10.

Sven

Comments

Comment by Sergei Golubchik [ 2016-06-15 ]

See https://mariadb.com/kb/en/mariadb/security/

All CVE's that were fixed in 5.5.27 are in 10.0.0

There was no 10.0 when bugs in 5.5.23 were fixed. But naturally, because 5.5.23 was before 5.5.27 everything fixed in 5.5.23 is also in 5.5.27 and is in 10.0 and is in 10.1 and will be in 10.2, even if this is not listed explicitly.

Generated at Thu Feb 08 07:40:43 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-10240] Is CVE-2012-2750 included in 10.0.1.13+ ? Created: 2016-06-15 Updated: 2016-06-15 Resolved: 2016-06-15