----- On 26 Oct, 2015, at 6:00 AM, Otto Kekäläinen otto@seravo.fi wrote:
Hello Serg!
2015-10-25 20:38 GMT+02:00 Sergei Golubchik <serg@mariadb.org>: ...
They're all for MySQL-5.6, for the code that we don't have. MySQL-5.5 was the last version when we merged everything from MySQL. That is, MariaDB is based on MySQL-5.5 codebase, we only merge InnoDB and Performance Schema from 5.6.
Good summary info.
It would be nice if the page https://mariadb.com/kb/en/mariadb/security/ also had a section that was explicit about that Oracle CVEs do _not_ affect MariaDB, because I am sure many people wonder on how what the status might be for non-listed CVEs.
..wait, it does indeed have the section "CVE's affecting Oracle MySQL" at the very end. Can you please update it?
Its probably a real pain to keep this list updated. Something like "we've checked CVE before and including (CVE-2015-4910) and only the CVEs listed above affect MariadDB" would be sufficient. -- Daniel Black, Engineer @ Open Query (http://openquery.com.au) Remote expertise & maintenance for MySQL/MariaDB server environments.