Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Thu, 21 Feb 2008 12:58:12 -0900
From: Jonathan Smith <smithj@...ethemallocs.com>
To:  oss-security@...ts.openwall.com
CC:  jamie@...onical.com, "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request for mysql bug #22413

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jamie Strandboge wrote:
| We have a bug report open to fix http://bugs.mysql.com/bug.php?id=22413.
| This is a DoS via a 'EXPLAIN SELECT FROM view with ORDER BY' statement
| and is fixed in 5.0.32. Can a CVE be assigned for this?

You'll probably want to CC Steve on such emails... I don't think he's
actually subscribed to the list (Steve, feel free to correct me if I'm
wrong here... I assumed it would be the same as vendor-sec).

	smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iEYEARECAAYFAke98/QACgkQCG91qXPaRenoGACfZ4TgQfKSlucFbhhXXlT9VXed
htkAoILmvZ9mIIPg+OCoJ6qsuJahJfWq
=zGvc
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ