~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2017-10789
PublicDate: 2017-07-01
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10789
 https://github.com/perl5-dbi/DBD-mysql/pull/114
Description:
 The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting
 to mean that SSL is optional (even though this setting's documentation has
 a "your communication with the server will be encrypted" statement), which
 allows man-in-the-middle attackers to spoof servers via a
 cleartext-downgrade attack, a related issue to CVE-2015-3152.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866821
 https://github.com/perl5-dbi/DBD-mysql/issues/110
Priority: low
Discovered-by:
Assigned-to:

Patches_libdbd-mysql-perl:
upstream_libdbd-mysql-perl: needs-triage
precise/esm_libdbd-mysql-perl: needed
trusty_libdbd-mysql-perl: needed
vivid/ubuntu-core_libdbd-mysql-perl: DNE
xenial_libdbd-mysql-perl: needed
yakkety_libdbd-mysql-perl: ignored (reached end-of-life)
zesty_libdbd-mysql-perl: needed
devel_libdbd-mysql-perl: needed