26 Oct
2015
26 Oct
'15
12:11 p.m.
2015-10-26 11:35 GMT+02:00 Sergei Golubchik <serg@mariadb.org>:
The Debian security tracker https://security-tracker.debian.org/tracker/source-package/mariadb-10.0 lists two CVEs as undetermined, can you say if CVE-2015-4737 and CVE-2015-2620 affect MariaDB 10.0 or not?
I can only guess.
CVE-2015-4737 seems to be Oracle Bug#20181776. If it is, then yes, all versions of MariaDB and MySQL (!) are affected. See MDEV-8269.
This CVE is fixed in MySQL 5.6 according to https://security-tracker.debian.org/tracker/CVE-2015-4737