Hi, Brian! Thanks. I've updated the security page now. I think that CVE-2015-4757 is fixed in 5.5.43 (and 10.0.18), and CVE-2015-4752 CVE-2015-2648 CVE-2015-2643 CVE-2015-2582 are fixed in 5.5.44 (and 10.0.20). While I cannot be sure what CVE-2015-4737 and CVE-2015-2620 are about, I suspect that the first is https://github.com/mysql/mysql-server/commit/c655515d and the second is https://github.com/mysql/mysql-server/commit/fdae90dd. If that's right, than the first is intentional behavior, not a bug. I believe that changing it might break user applications (esp. backups). The second isn't a fix it all, it only covers one very specific case. I've created MDEV-8269 to have this bug properly fixed. Regards, Sergei On Aug 13, Brian Evans wrote:
The quarterly CVE list from oracle was published[1]. The following CVEs are listed there affecting 5.5, but not listed on the MariaDB security page[2].
CVE-2015-4757 CVE-2015-4752 CVE-2015-2648 CVE-2015-2643 CVE-2015-2582 CVE-2015-4737 CVE-2015-2620
Are they fixed with 5.5.45 and 10.0.21, or any other version?
Brian
[1] http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#Ap... [2] https://mariadb.com/kb/en/mariadb/security/