Hi On Wed, Mar 22, 2017 at 08:40:16PM +0100, Ola Lundqvist wrote: > Hi again > > Now I have read the information in CVE-2017-3305 better. Now I understand > that it is just the mysql-5.7 version that is definitely not affected. > > However it is still not clear to me whether the 5.5 version in jessie and > wheezy is vulnerable to: > - The BACKRONYM vulnerability? > - CVE-2017-3305? > > I'm trying to understand this sentence: > "... Later, Oracle tried to address the corresonding issue as well in 5.5 > and 5.6 series..." > In what 5.5.x version was that addressed?
I have ammended the note to clarify which version tried to correct the corresponding issue (*but* do *not* track CVE-2015-3152 for Oracle MySQL, the CVE was specific to mariadb and percona). The notes should hopefully be clear now. The CVE-2017-3305 will be fixed by Oracle in the next Oracle CPU as promised by upstream. Regards, Salvatore
