846192 – (CVE-2013-5807) VUL-0: CVE-2013-5807: mysql critical updates october 2013

Bug 846192 (CVE-2013-5807) - VUL-0: CVE-2013-5807: mysql critical updates october 2013

Summary: VUL-0: CVE-2013-5807: mysql critical updates october 2013

Status:	RESOLVED FIXED

Alias:	CVE-2013-5807

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 13.1

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Kristyna Streitova
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:NVD:CVE-2012-2750:10.0:(AV:N/...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-10-16 11:33 UTC by Victor Pereira
Modified:	2020-04-01 22:08 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2013-10-16 11:33:27 UTC

tracker ticket for the following CVEs:

CVE-2013-5807 5.5.32 and earlier, 5.6.12 and earlier
CVE-2013-5786 5.6.12 and earlier
CVE-2012-2750 5.1, 5.5.22 and earlier bug 767849
CVE-2013-3839 5.1.70 and earlier, 5.5.32 and earlier, 5.6.12 and earlier
CVE-2013-5767 5.6.12 and earlier
CVE-2013-5793 5.6.12 and earlier
CVE-2013-5770 5.6.11 and earlier


References:
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html#AppendixMSQL

Comment 1 Swamp Workflow Management 2013-10-16 22:00:15 UTC

bugbot adjusting priority

Comment 2 Marcus Meissner 2013-10-31 11:05:11 UTC

Are updates for MariaDB and Mysql Community Server for openSUSE available? if yses, please submit

Comment 3 Marcus Meissner 2013-11-05 08:16:03 UTC

Roman has started to be the maintainer at some point in the past, this bug probably is in his domain already.

Comment 4 Michal Hrusecky 2013-11-06 13:46:36 UTC

5.6.12 is in openSUSE 13.1 (not yet released), in SLE 11 and older openSUSE we have 5.5.33 :-) So looks like only Factory and 13.1 are affected.

Comment 5 Marcus Meissner 2013-11-07 10:40:44 UTC

SLE11 SP2 and older have mysql 5.0, just FWIW.

Comment 6 Johannes Segitz 2014-05-09 09:23:07 UTC

openSUSE update for 5.6.12+ still missing.

Comment 7 Johannes Segitz 2015-04-07 14:17:47 UTC

If you can spare some time openSUSE submits would be appreciated. Thanks.

Comment 8 Kristyna Streitova 2015-07-14 15:28:29 UTC

We have mysql 5.6.25 in openSUSE 13.1 and 13.2 now. Closing this bug.