CVE-2017-15365

NameCVE-2017-15365
Descriptionsql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs884065, 885345

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mariadb-10.0 (PTS)jessie10.0.32-0+deb8u1undetermined
jessie (security)10.0.37-0+deb8u1undetermined
mariadb-10.1 (PTS)stretch (security), stretch10.1.26-0+deb9u1vulnerable
buster, sid1:10.1.37-1fixed
mysql-5.5 (PTS)wheezy (lts), wheezy5.5.62-0+deb7u1fixed
wheezy (security)5.5.60-0+deb7u1fixed
jessie5.5.60-0+deb8u1fixed
jessie (security)5.5.62-0+deb8u1fixed
mysql-5.7 (PTS)sid5.7.24-2undetermined
percona-xtrabackup (PTS)jessie2.2.3-2.1fixed
sid2.2.3-2.1undetermined

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mariadb-10.0source(unstable)undetermined
mariadb-10.1source(unstable)1:10.1.34-1885345
mariadb-10.2source(unstable)(unfixed)884065
mysql-5.5source(unstable)(not affected)
mysql-5.7source(unstable)undetermined
percona-xtrabackupsource(unstable)undetermined
percona-xtrabackupsourcejessie(not affected)

Notes

[jessie] - percona-xtrabackup <not-affected> (vulnerable code not present)
- mysql-5.5 <not-affected> (Vulnerable code not present)
MariaDB: Fixed in 10.2.10, 10.1.30
https://bugzilla.redhat.com/show_bug.cgi?id=1524234
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
Possibly only introduced with https://github.com/MariaDB/server/commit/df4dd593f29aec8e2116aec1775ad4b8833d8c93 (mariadb-10.1.1)
starting to be present in mariadb-10.1.1.

Search for package or bug name: Reporting problems