Hello Debian LTS team!
Regarding CVE-2020-15180 I have prepared updates for Ubuntu Trusty
(5.5), Ubuntu Bionic (10.1), Focal (10.3), Groovy (10.3) and Debian
Stretch (10.1), Buster (10.3) and Sid (10.5).
The Debian and Ubuntu security teams have already processed these and
DSA and USN are in the works.
Last thing remaining is the coordination with the Debian LTS team
about the Stretch update.
Is there somebody in the LTS team who would like to review and approve
a mariadb-10.1 1:10.1.45-0+debu1 for Stretch?
Unfortunately I don't have much more info about the security issue
itself. The source diff shows some changes to the WSREP-API (Galera
cluster code). There will be more info from email@example.com at
the end of the month as there is an embargo now to allow time for
mysql-galera to ship an update. MariaDB and Percona have already
Release notes for reference: