oss-sec mailing list archives
Re: mysql-5.1.41
From: Josh Bressers <bressers () redhat com>
Date: Mon, 23 Nov 2009 16:08:51 -0500 (EST)
As best as I can tell, we only need one CVE id (two issues, but one already has an id). MySQL clients before version 5.1.41 linked against OpenSSL would not properly check certificates presented by a MySQL server linked against yaSSL. This could possibly lead to a man in the middle type of attack on the SSL connection. http://bugs.mysql.com/bug.php?id=47320 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html Thanks. -- JB ----- "Oden Eriksson" <oeriksson () mandriva com> wrote:
Hello. The new mysql release mentions two security issues that has been addressed, anyone knows more about that? I guess it would need some CVE assignment as well. http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html -- Regards // Oden Eriksson Security team manager - Mandriva
Current thread:
- mysql-5.1.41 Oden Eriksson (Nov 19)
- <Possible follow-ups>
- Re: mysql-5.1.41 Josh Bressers (Nov 23)
- Re: mysql-5.1.41 Jan Lieskovsky (Nov 24)
- Re: mysql-5.1.41 Jan Lieskovsky (Nov 24)
- Re: mysql-5.1.41 Sergei Golubchik (Nov 24)
- Re: mysql-5.1.41 Steven M. Christey (Nov 30)
- Re: mysql-5.1.41 Tomas Hoger (Dec 16)
- Re: mysql-5.1.41 Sergei Golubchik (Dec 17)
- Re: mysql-5.1.41 Tomas Hoger (Dec 17)
- Re: mysql-5.1.41 Jan Lieskovsky (Nov 24)