Hi Salvatore

Thank you. Now it is clear. I'll add this to dla-needed.txt then with a note that it will be fixed by Oracle in the next Oracle CPU.

Best regards

// Ola

On 22 March 2017 at 20:54, Salvatore Bonaccorso <car...@debian.org> wrote:

> Hi
>
> On Wed, Mar 22, 2017 at 08:40:16PM +0100, Ola Lundqvist wrote:
> > Hi again
> >
> > Now I have read the information in CVE-2017-3305 better. Now I understand
> > that it is just the mysql-5.7 version that is definitely not affected.
> >
> > However it is still not clear to me whether the 5.5 version in jessie and
> > wheezy is vulnerable to:
> > - The BACKRONYM vulnerability?
> > - CVE-2017-3305?
> >
> > I'm trying to understand this sentence:
> > "... Later, Oracle tried to address the corresponding issue as well in 5.5
> > and 5.6 series..."
> > In what 5.5.x version was that addressed?
>
> I have amended the note to clarify which version tried to correct the
> corresponding issue (*but* do *not* track CVE-2015-3152 for Oracle
> MySQL, the CVE was specific to mariadb and percona).
>
> The notes should hopefully be clear now. The CVE-2017-3305 will be
> fixed by Oracle in the next Oracle CPU as promised by upstream.
>
> Regards,
> Salvatore
>

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------