Re: CVE-2020-15180: MariaDB
I just realized Emilio represents the LTS team and he already took care of this.
ke 21. lokak. 2020 klo 11.25 Otto Kekäläinen (email@example.com) kirjoitti:
> Hello Debian LTS team!
> Regarding CVE-2020-15180 I have prepared updates for Ubuntu Trusty
> (5.5), Ubuntu Bionic (10.1), Focal (10.3), Groovy (10.3) and Debian
> Stretch (10.1), Buster (10.3) and Sid (10.5).
> The Debian and Ubuntu security teams have already processed these and
> DSA and USN are in the works.
> Last thing remaining is the coordination with the Debian LTS team
> about the Stretch update.
> Is there somebody in the LTS team who would like to review and approve
> a mariadb-10.1 1:10.1.45-0+debu1 for Stretch?
> Stretch changes:
> QA: https://salsa.debian.org/mariadb-team/mariadb-10.1/-/pipelines/185587
> Unfortunately I don't have much more info about the security issue
> itself. The source diff shows some changes to the WSREP-API (Galera
> cluster code). There will be more info from firstname.lastname@example.org at
> the end of the month as there is an embargo now to allow time for
> mysql-galera to ship an update. MariaDB and Percona have already
> released fixes.
> Release notes for reference:
> - https://mariadb.com/kb/en/mariadb-1056-release-notes/
> - https://mariadb.com/kb/en/mariadb-10325-release-notes/
> - https://mariadb.com/kb/en/mariadb-10147-release-notes/
> - Otto