[MDEV-12043] CVE-2017-3313 Created: 2017-02-10 Updated: 2017-02-27 Resolved: 2017-02-27 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Server |
| Affects Version/s: | 5.5.54, 10.1.20, 10.1.21 |
| Fix Version/s: | 5.5.55, 10.0.30, 10.1.22, 10.2.5 |
| Type: | Bug | Priority: | Major |
| Reporter: | Michal Schorm | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Description |
|
Hello, CVE-2017-3313 was revealed and solved by Oracle in the MySQL project; however, it was not delivered with the MariaDB 10.1.21 version (or mentioned in the release notes). |
| Comments |
| Comment by Sergei Golubchik [ 2017-02-20 ] |
|
Unfortunately, the security researcher decided to inform us about this vulnerability only after we'd released 5.5.54, so we couldn't have fixed it there. Also, the MySQL "solution" changes the existing behavior and does not fix the vulnerability anyway; that's why we didn't merge it. We already have a fix for this issue; it'll be part of 5.5.55, 10.0.30, 10.1.22. |
| Comment by Michal Schorm [ 2017-02-20 ] |
|
Thanks for the info. I filed this bug mostly to make sure both you and I won't overlook it. |