Univention Bugzilla – Bug 53473
mariadb-10.3: Multiple issues (5.0)
Last modified: 2021-06-30 18:54:26 CEST
New Debian mariadb-10.3 1:10.3.29-0+deb10u1 fixes: This update addresses the following issues: * Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154) * Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166) * writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user (CVE-2021-27928)
--- mirror/ftp/pool/main/m/mariadb-10.3/mariadb-10.3_10.3.27-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/mariadb-10.3_10.3.29-0+deb10u1.dsc @@ -1,3 +1,22 @@ +1:10.3.29-0+deb10u1 [Sun, 09 May 2021 20:06:52 -0700] Otto Kekäläinen <otto@debian.org>: + + [ Otto Kekäläinen ] + * SECURITY UPDATE: New upstream version 10.3.29. Includes fixes for the + following security vulnerabilities: + - CVE-2021-2154 + - CVE-2021-2166 + * Previous release 10.3.28 included fixes for: + - CVE-2021-27928 + * Remove patch regarding a test now removed by upstream (MDEV-22653). + * Remove obsolete sql file removed by upstream (MDEV-24586). + * Update symbols to include new one from MariaDB Client 3.1.13 + * Innotop: Add support for MariaDB 10.3 (Closes: #941986) + * Upstream release includes fix for MDEV-24194: "Invalid syntax errors on + syntax WHERE `field` IS NULL = 0" (Closes: #977383) + + [ Daniel Black ] + * Add caching_sha2_password.so (Closes: #962597) + 1:10.3.27-0+deb10u1 [Wed, 25 Nov 2020 11:50:19 +0200] Otto Kekäläinen <otto@debian.org>: * New upstream version 10.3.27. Includes fixes to serious regressions in @@ -9,6 +28,7 @@ - CVE-2020-14789 - CVE-2020-14776 - CVE-2020-14765 + - CVE-2021-2194 * Upstream 10.3.26 included: - Fix mytop shebang (Closes: #972780, Closes: #970681) * Remove 3 patches applied upstream. <http://piuparts.knut.univention.de/5.0-0/#4601835329427924619>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts IGN mariadb-plugin-mroonga IGN mariadb-plugin-spider leave behind files on package removal. No regression compared to <http://piuparts.knut.univention.de/4.4-7/#7642076831697752583>
<https://errata.software-univention.de/#/?erratum=5.0x38>