[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c)
From:       Tomas Hoger <thoger () redhat ! com>
Date:       2012-06-27 11:47:05
Message-ID: 20120627134705.4688e5a0 () redhat ! com
[Download RAW message or body]

On Mon, 18 Jun 2012 18:50:01 +0200 Tomas Hoger wrote:

> Additionally, following bugs try to collect info on MySQL security
> fixes in the last released and an upcoming Oracle CPU:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=832477
> https://bugzilla.redhat.com/show_bug.cgi?id=832540
> 
> It would be nice if Oracle could confirm the mapping between CVEs and
> particular issues to avoid any incorrect guesses.

I was really hoping to see some comments form Oracle security team and
an explicit confirmation of the correct CVE guesses.  Is there a good
reason why CVE mapping for public issues can not be provided?

Thank you!

-- 
Tomas Hoger / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]