[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

CVE-2020-15180: MariaDB

Hello Debian LTS team!

Regarding CVE-2020-15180 I have prepared updates for Ubuntu Trusty
(5.5), Ubuntu Bionic (10.1), Focal (10.3), Groovy (10.3) and Debian
Stretch (10.1), Buster (10.3) and Sid (10.5).

The Debian and Ubuntu security teams have already processed these and
DSA and USN are in the works.

Last thing remaining is the coordination with the Debian LTS team
about the Stretch update.

Is there somebody in the LTS team who would like to review and approve
a mariadb-10.1 1:10.1.45-0+debu1 for Stretch?

Stretch changes:
QA: https://salsa.debian.org/mariadb-team/mariadb-10.1/-/pipelines/185587

Unfortunately I don't have much more info about the security issue
itself. The source diff shows some changes to the WSREP-API (Galera
cluster code). There will be more info from security@mariadb.org at
the end of the month as there is an embargo now to allow time for
mysql-galera to ship an update. MariaDB and Percona have already
released fixes.

Release notes for reference:
- https://mariadb.com/kb/en/mariadb-1056-release-notes/
- https://mariadb.com/kb/en/mariadb-10325-release-notes/
- https://mariadb.com/kb/en/mariadb-10147-release-notes/

- Otto

Reply to: