Re: Upload MariaDB 1:10.3.37-0+deb10u1 ?

[Emilio Pozuelo Monfort <pochu@debian.org>]

Hi Otto,

On 07/02/2023 07:47, Otto Kekäläinen wrote:
> Hi!
>
> On Mon, 26 Dec 2022 at 14:08, Otto Kekäläinen <otto@debian.org> wrote:
> > On Mon, 5 Dec 2022 at 01:18, Utkarsh Gupta <guptautkarsh2102@gmail.com> wrote:
> > > Hi Otto,
> > >
> > > On Mon, Dec 5, 2022 at 5:33 AM Otto Kekäläinen <otto@debian.org> wrote:
> > > > I didn't get a reply to this, so asking again.
> > >
> > > I could take care of the upload but if you'd like to do that, please
> > > feel free to do so and I can take care of the paperwork. One quick
> > > thing I spotted in the target in d/ch is "buster". Could you please
> > > change that to "buster-security" instead?
> > >
> > > Let me know if you'd like to upload yourself or want me to take care
> > > of it. Thanks.
> >
> > Sorry for the late reply, but 10.3.37 does not include any CVE tracked
> > security fixes (https://mariadb.com/kb/en/security/) so I guess it
> > does not warrant a buster-*security* upload. I will just leave it at
> > https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commits/buster as
> > the base for importing 10.3.38 in January/February.
>
> Upstream released today 10.3.38 but it does not have CVEs either:
> - https://mariadb.com/kb/en/mariadb-10-3-38-release-notes/
> - https://mariadb.com/kb/en/security/
>
> I can however prepare an upload to Debian LTS if you think it would be
> justified purely on maintenance/bugs fixed.

That should be alright. Please go ahead and let me know if you need anything.

Cheers,
Emilio