On Sun, 9 Jul 2006, Moritz Muehlenhoff wrote:

> > On 2006-07-04 Christian Hammers wrote:
> > > It's time for a new MySQL DSA :) On
> > >   http://www.lathspell.de/linux/debian/mysql/sarge-4.1
> > > you find *sarge5.deb pacakges that fix the following two vulnerabilities:
> > >
> > >    * Fixed DoS bug where any user could crash the server with
> > >      "SELECT str_to_date(1, NULL);" (CVE-2006-3081).
> > >      The vulnerability was discovered by Kanatoko <[EMAIL PROTECTED]>.
> > >      Closes: #373913
> > >    * Fixed DoS bug where any user could crash the server with
> > >      "SELECT date_format('%d%s', 1); (CVE-2006-XXXX).
> > >      The vulnerability was discovered by Maillefer Jean-David
> > >      <[EMAIL PROTECTED]> and filed as MySQL bug #20729.
> > >      Closes: #375694


Use CVE-2006-3469

Is this "public enough" for me to update the CVE descriptions, or should I
leave them as reserved for now?  CVE will probably be the first point of
widespread disclosure.

- Steve


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to