← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master

« back to all changes in this revision

Viewing changes to active/CVE-2015-1027

  • Committer: Steve Beattie
  • Date: 2019-02-19 06:18:27 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219061827-oh57fzcfc1u9dlfk
The ubuntu-cve-tracker project has been converted to git.

Please use 'git clone https://git.launchpad.net/ubuntu-cve-tracker' to
get the converted tree.

Show diffs side-by-side

added added

removed removed

Lines of Context:
active/CVE-2015-1027
1
 
Candidate: CVE-2015-1027
2
 
PublicDate: 2017-09-28
3
 
References:
4
 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1027
5
 
Description:
6
 
 The version checking subroutine in percona-toolkit before 2.2.13 and
7
 
 xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and
8
 
 Man In The Middle attacks in which the server response could be modified to
9
 
 allow the attacker to respond with modified command payload and have the
10
 
 client return additional running configuration information leading to an
11
 
 information disclosure of running configuration of MySQL.
12
 
Ubuntu-Description:
13
 
Notes:
14
 
 sarnold> Debian notes this version check is disabled, it may be disabled in
15
 
  our packages too
16
 
Bugs:
17
 
Priority: medium
18
 
Discovered-by:
19
 
Assigned-to:
20
 
 
21
 
Patches_percona-toolkit:
22
 
 patch: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
23
 
upstream_percona-toolkit: needed
24
 
lucid_percona-toolkit: DNE
25
 
precise_percona-toolkit: ignored (reached end-of-life)
26
 
precise/esm_percona-toolkit: DNE (precise was needed)
27
 
trusty_percona-toolkit: needed
28
 
utopic_percona-toolkit: ignored (reached end-of-life)
29
 
vivid_percona-toolkit: ignored (reached end-of-life)
30
 
vivid/stable-phone-overlay_percona-toolkit: DNE
31
 
vivid/ubuntu-core_percona-toolkit: DNE
32
 
wily_percona-toolkit: ignored (reached end-of-life)
33
 
xenial_percona-toolkit: needed
34
 
yakkety_percona-toolkit: ignored (reached end-of-life)
35
 
zesty_percona-toolkit: ignored (reached end-of-life)
36
 
artful_percona-toolkit: needed
37
 
bionic_percona-toolkit: needed
38
 
devel_percona-toolkit: needed
39
 
 
40
 
Patches_percona-xtrabackup:
41
 
 patch: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
42
 
upstream_percona-xtrabackup: needed
43
 
lucid_percona-xtrabackup: DNE
44
 
precise_percona-xtrabackup: DNE
45
 
precise/esm_percona-xtrabackup: DNE
46
 
trusty_percona-xtrabackup: needed
47
 
utopic_percona-xtrabackup: ignored (reached end-of-life)
48
 
vivid_percona-xtrabackup: ignored (reached end-of-life)
49
 
vivid/stable-phone-overlay_percona-xtrabackup: DNE
50
 
vivid/ubuntu-core_percona-xtrabackup: DNE
51
 
wily_percona-xtrabackup: ignored (reached end-of-life)
52
 
xenial_percona-xtrabackup: needed
53
 
yakkety_percona-xtrabackup: ignored (reached end-of-life)
54
 
zesty_percona-xtrabackup: ignored (reached end-of-life)
55
 
artful_percona-xtrabackup: needed
56
 
bionic_percona-xtrabackup: needed
57
 
devel_percona-xtrabackup: needed