Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1

To: Otto Kekäläinen <otto@debian.org>, 1000342@bugs.debian.org
Cc: Paul Gevers <elbrus@debian.org>, team@security.debian.org
Subject: Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 07 Dec 2021 15:54:32 +0000
Message-id: <[🔎] 54071975de3ee65704be3fa498050adf316776d1.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1000342@bugs.debian.org
In-reply-to: <[🔎] CAOU6tAB8W9y2QwVGmf1qRM9jApJUiFyh=qiXD2m7-jvemxpBHA@mail.gmail.com>
References: <13e5f893-dae4-bd34-597c-039abf406c86@debian.org> <CAOU6tABiExL2NNeps9g_Qyr9zbdsNV4LcaUNbNsF0T39hBN2zA@mail.gmail.com> <e35420b0-eabb-95e6-044f-ff1708662c54@debian.org> <CAOU6tACjO+en2U4ZkY8pskWzR1JU-mkOsaUaw6TpRpjC2UueoA@mail.gmail.com> <[🔎] 751fe225046eeaf7607b5a315518982b874b9815.camel@adam-barratt.org.uk> <CAOU6tAA0YkBNoQhryDovRrfx7D3haTW5LTgt0+FPS4xAGstpbw@mail.gmail.com> <[🔎] CAOU6tABg7dLW6A4uQW2dL8=ctZodO+BfEwopzyTtKPvdi9zEEQ@mail.gmail.com> <[🔎] b9152df23bb9b5be08ddafea5d0e6b34ea1affb5.camel@adam-barratt.org.uk> <CAOU6tAA0YkBNoQhryDovRrfx7D3haTW5LTgt0+FPS4xAGstpbw@mail.gmail.com> <[🔎] CAOU6tAB8W9y2QwVGmf1qRM9jApJUiFyh=qiXD2m7-jvemxpBHA@mail.gmail.com> <CAOU6tAA0YkBNoQhryDovRrfx7D3haTW5LTgt0+FPS4xAGstpbw@mail.gmail.com>

Hi,

On Mon, 2021-12-06 at 11:39 -0800, Otto Kekäläinen wrote:
> MariaDB 10.6.5 has been uploaded to Sid and will replace 10.5 as soon
> as it has the initial bugs weeded out and is same or better overall
> quality as 10.5.

I saw the 10.6 uploads, but I'm afraid that doesn't directly address
the concern.

With 10.5 still being the default in unstable, if we only release
10.5.13 via the point release then users of Debian's default
MySQL/MariaDB package in unstable and testing do not benefit from the
updates included in it, including the fixes for CVE-2021-35604.

When we were faced with a similar situation for 10.3 last year, we
decided to proceed anyway as 10.5 was about to become the default
version and 10.3 was then removed from unstable shortly afterwards.

Looking at the current status of the 10.6 packages in unstable, it
doesn't seem like we're in the same situation - there are build
failures on multiple architectures, for instance, and no packages in
testing yet. As such, I'm trying to gauge the likely timescales
involved, so that we can make the best decision for our users.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
  - From: Otto Kekäläinen <otto@debian.org>

References:
- Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
  - From: Otto Kekäläinen <otto@debian.org>
- Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
  - From: Otto Kekäläinen <otto@debian.org>

Prev by Date: Bug#992613: buster-pu: package icu/63.1-6+deb10u2
Next by Date: Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
Previous by thread: Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
Next by thread: Bug#1000342: bullseye-pu: package mariadb-10.5 10.5.13-0+deb11u1
Index(es):
- Date
- Thread