CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2016-2047 — MEDIUM severity vulnerability | Release Alert
CVE-2016-2047
4.3
MEDIUMCVSS v2
Published
January 27, 2016
Affected
2 projects
Assigned by
MITRE
Severity scale
010
Description
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
ChocolateyMariaDB is designed as a drop-in replacement of [MySQL](https://community.chocolatey.org/packages/mysql) with more features, new storage engines, fewer bugs, and better performance. MariaDB server is a community developed fork of MySQL server started by core members of the original MySQL team.
MariaDB strives to be the logical choice for database professionals looking for a robust, scalable, and reliable SQL server. To accomplish this, the MariaDB Foundation work closely and cooperatively with the larger community of users and developers in the true spirit of Free and open source software, and release software in a manner that balances predictability with reliability.
#### MariaDB comparison to MySQL
* [Features](https://mariadb.com/kb/en/mariadb/mariadb-vs-mysql-features/)
* [Compatibility](https://mariadb.com/kb/en/mariadb/mariadb-vs-mysql-compatibility/)
#### Community
* [Facebook](https://www.facebook.com/MariaDB.dbms)
* [Google+](https://plus.google.com/+mariadb)
* [Twitter](https://twitter.com/mariadb)
**Please Note**: This is an automatically updated package. If you find it is
out of date by more than a day or two, please contact the maintainer(s) and
let them know [here](https://github.com/mkevenaar/chocolatey-packages/issues) that the package is no longer updating correctly.