severity 887751 important
thanks

Hello Guido,

thank you for the report.

CVE-2018-2585 has been rated by the Debian security as a minor issue [0].
You have bumped the severity from important to grave without an explanation.
Is there something you want to share?

 [0]: https://security-tracker.debian.org/tracker/CVE-2018-2585

Best regards,

Mirco (meebey) Bauer

FOSS Hacker             mee...@meebey.net  https://www.meebey.net/
Debian Developer        mee...@debian.org  http://www.debian.org/
GNOME Foundation Member mmmba...@gnome.org http://www.gnome.org/
CTO @ Gatecoin Ltd.     mi...@gatecoin.com https://gatecoin.com/
.NET Foundation Advisory Council Member    http://www.dotnetfoundation.org/
PGP-Key ID              0x7127E5ABEEF946C8 https://meebey.net/pubkey.asc

On Sat, Jan 20, 2018 at 12:38 AM, Guido Günther <a...@sigxcpu.org> wrote:

> Package: mysql-connector-net
> X-Debbugs-CC: t...@security.debian.org secure-testing-team@lists.alioth.debian.org
> Severity: important
> Tags: grave
> Version: 6.4.3-2
>
> Hi,
>
> the following vulnerability was published for mysql-connector-net.
>
> CVE-2018-2585[0]:
> | Vulnerability in the MySQL Connectors component of Oracle MySQL
> | (subcomponent: Connector/Net). Supported versions that are affected
> | are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable
> | vulnerability allows unauthenticated attacker with network access via
> | multiple protocols to compromise MySQL Connectors. Successful attacks
> | of this vulnerability can result in unauthorized ability to cause a
> | hang or frequently repeatable crash (complete DOS) of MySQL
> | Connectors. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS
> | Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-2585
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2585
>
> Please adjust the affected versions in the BTS as needed.
