Bug#1057179: Acknowledgement (bookworm-pu: package mariadb-10.6 1:10.11.6-0+deb12u1)
Hi Otto,
On Sat, Dec 09, 2023 at 10:58:09PM +0800, Otto Kekäläinen wrote:
> Hi Debian security team!
>
> MariaDB 1:10.11.6-1 entered Trixie only today after being stuck in
> pending migration since Nov 28th from unstable. This
> 1:10.11.6-0+deb12u1 missed the point update window.
>
> Are you OK if we proceed with this as a security upload?
I do not think we really need that. There is only scarce informtaion
on the only CVE fixed, CVE-2023-22084, and the official description
seem to require a high privileged attacker.
But maybe you could reach out to MariaDB upstream so we can have a
better idea on the fixed issue?
I would suggest you just upload what you prepared to the
proposed-updates queues so it can exposed by further testing of the
release team tooling, and it will be included in the 12.4 point
release.
That is not even a problem if there will be a later incremental update
on it.
Regards,
Salvatore
Reply to: