Re: CVE-2020-15180: MariaDB
Hello!
I just realized Emilio represents the LTS team and he already took care of this.
ke 21. lokak. 2020 klo 11.25 Otto Kekäläinen (otto@debian.org) kirjoitti:
>
> Hello Debian LTS team!
>
> Regarding CVE-2020-15180 I have prepared updates for Ubuntu Trusty
> (5.5), Ubuntu Bionic (10.1), Focal (10.3), Groovy (10.3) and Debian
> Stretch (10.1), Buster (10.3) and Sid (10.5).
>
> The Debian and Ubuntu security teams have already processed these and
> DSA and USN are in the works.
>
> Last thing remaining is the coordination with the Debian LTS team
> about the Stretch update.
>
> Is there somebody in the LTS team who would like to review and approve
> a mariadb-10.1 1:10.1.45-0+debu1 for Stretch?
>
> Stretch changes:
> https://salsa.debian.org/mariadb-team/mariadb-10.1/-/compare/debian%2F10.1.45-0+deb9u1...stretch
> QA: https://salsa.debian.org/mariadb-team/mariadb-10.1/-/pipelines/185587
>
> Unfortunately I don't have much more info about the security issue
> itself. The source diff shows some changes to the WSREP-API (Galera
> cluster code). There will be more info from security@mariadb.org at
> the end of the month as there is an embargo now to allow time for
> mysql-galera to ship an update. MariaDB and Percona have already
> released fixes.
>
> Release notes for reference:
> - https://mariadb.com/kb/en/mariadb-1056-release-notes/
> - https://mariadb.com/kb/en/mariadb-10325-release-notes/
> - https://mariadb.com/kb/en/mariadb-10147-release-notes/
>
>
> - Otto
--
- Otto
Reply to: