Bug#1057179: Acknowledgement (bookworm-pu: package mariadb-10.6 1:10.11.6-0+deb12u1)



Hi Otto,

On Sat, Dec 09, 2023 at 10:58:09PM +0800, Otto Kekäläinen wrote:
> Hi Debian security team!
> 
> MariaDB 1:10.11.6-1 entered Trixie only today after being stuck in
> pending migration since Nov 28th from unstable. This
> 1:10.11.6-0+deb12u1 missed the point update window.
> 
> Are you OK if we proceed with this as a security upload?

I do not think we really need that. There is only scarce information
on the only CVE fixed, CVE-2023-22084, and the official description
seems to require a high privileged attacker.

But maybe you could reach out to MariaDB upstream so we can have a
better idea on the fixed issue?

I would suggest you just upload what you prepared to the
proposed-updates queues so it can be exposed by further testing of the
release team tooling, and it will be included in the 12.4 point
release.

That is not even a problem if there will be a later incremental update
on it.

Regards,
Salvatore
