Re: MariaDB security vulnerabilities


On Mon, Feb 14, 2022 at 4:04 AM Markus Koschany <apo@debian.org> wrote:
> Hello,
> Just a heads-up. New CVEs have been reported for MariaDB 10.3. It is likely that
> 10.1 in Stretch is affected as well. Otto Kekäläinen (maintainer) is currently
> investigating if it is feasible to backport a newer MariaDB version to Stretch
> because 10.1 is no longer supported upstream. Do we have any past experience with
> how to handle MySQL/MariaDB updates if they are no longer supported?

MariaDB 10.6 has so many changes in its build dependencies that making
it build on Stretch library versions is probably too much work.
Test build log at

MariaDB 10.3 at least builds:
However the mariadb-plugin-myrocks installation fails due to missing
run-time dependencies:

MariaDB 10.3 is also easier as it can use the existing galera-3
package already in Stretch. Upstream support is until spring 2023.

I think backporting MariaDB 10.3 might be feasible, but requires work.
Is there really a lot of demand?

- Otto

