Hi again

Now I have read the information in CVE-2017-3305 better. Now I understand that it is just the mysql-5.7 version that is definitely not affected.

However it is still not clear to me whether the 5.5 version in jessie and wheezy is vulnerable to:
- The BACKRONYM vulnerability?
- CVE-2017-3305?

I'm trying to understand this sentence:
"... Later, Oracle tried to address the corresponding issue as well in 5.5 and 5.6 series..."

In what 5.5.x version was that addressed?

Best regards

// Ola

On 22 March 2017 at 20:32, Ola Lundqvist <o...@inguza.com> wrote:

> Hi LTS team and Security team
>
> I have started to look into CVE-2017-3305. As I understand both stable
> and oldstable are unaffected by this vulnerability. The reason is that
> this is an amendment of the correction for the BACKRONYM vulnerability.
>
> What I do not understand however is whether mysql is vulnerable to the
> backronym vulnerability or not.
>
> I cannot find any CVE for the BACKRONYM vulnerability. Or rather I can
> find it but that one is only for mariadb and percona
> https://security-tracker.debian.org/tracker/CVE-2015-3152.
>
> Do any of you know whether the BACKRONYM has been fixed in mysql-5.5?
> I thought I should ask before actually trying to reproduce it.
>
> Best regards
>
> // Ola
>
> --
>  --- Inguza Technology AB --- MSc in Information Technology ----
> /  o...@inguza.com                    Folkebogatan 26            \
> |  o...@debian.org                   654 68 KARLSTAD            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---------------------------------------------------------------

--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------