cloudfoundry / cf-mysql-release

Cloud Foundry MySQL Release
Apache License 2.0
58 stars 106 forks

serious security issue for DBaaS -> CREATE TABLE of death #186

Closed GETandSELECT closed 7 years ago

GETandSELECT commented 7 years ago

Hey

See J-F Gagné's MySQL Blog

Here is the progress on fixing this bug (I might update below after the post has been published): I reported the bug on July 4th, MariaDB 10.2.7 was released with a fix on July 12th, MariaDB 5.5.57 was released with a fix on July 19th, MariaDB 10.0.32 was released with a fix on August 7th, MariaDB 10.1.26 was released with a fix on August 10th,

Exploit code not yet released.

Is this on your radar?

Thanks

cf-gitbot commented 7 years ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/152185706

The labels on this github issue will be updated when the story is started.

menicosia commented 7 years ago

Hi @GETandSELECT!

Thanks for alerting us about this! This particular issue has not been on our radar, but we have been planning to upgrade to 10.1.28 regardless: #150463375

If it's OK by you, watch for that story to ship, and in the meanwhile, I'll close this issue in favor of that story? If I've missed something, by all means, feel free to re-open this issue.

-- Marco Nicosia, Product Manager, Pivotal Software, Inc.

menicosia commented 7 years ago

This has been addressed by v36.8.0, enjoy! And thank you again for the report!

GETandSELECT commented 7 years ago

Thank you, @menicosia