Univention Bugzilla – Full Text Bug Listing |
Summary: | mariadb-10.1: Multiple issues (4.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-4-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) |
Description
Quality Assurance
2019-04-29 07:57:35 CEST
--- mirror/ftp/4.3/unmaintained/4.3-3/source/mariadb-10.1_10.1.37-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/mariadb-10.1_10.1.38-0+deb9u1.dsc @@ -1,7 +1,26 @@ +10.1.38-0+deb9u1 [Tue, 16 Apr 2019 14:56:50 +0300] Otto Kekäläinen <otto@debian.org>: + + * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for + the following security vulnerabilities (Closes: #920933): + - CVE-2019-2537 + - CVE-2019-2529 + * Update correct branch name in gbp.conf + * Disable test unit.pcre_test on s390x that was failing in stretch-security + (Closes: #920854) + * Limit build test suite to 'main' like in mariadb-10.3 to make unnecessary + build failures less likely in lifetime of Stretch. + * Fix mips compilation failure (__bss_start symbol missing) (Closes: #920855) + * Extend the server README to clarify common misunderstandings + (Closes: #878215) + * Enable ccache in CMake path so it can be used automatically where available + * Heavily refactor and unify gitlab-ci.yml MariaDB install/upgrade steps. + This ensures uploads to Stretch are much more safer to do now than in the + past. + 10.1.37-0+deb9u1 [Wed, 08 Aug 2018 19:32:41 +0300] Otto Kekäläinen <otto@debian.org>: * SECURITY UPDATE: New upstream release 10.1.37. Includes fixes for - the following security vulnerabilities (Closes: #912848); + the following security vulnerabilities (Closes: #912848): - CVE-2018-3282 - CVE-2018-3251 - CVE-2018-3174 @@ -14,6 +33,9 @@ * Physically remove patches no longer in series and not applied anyway * Fix wrong-path-for-interpreter in innotop script to make package Lintian error free as pass CI systems fully + * Previous upstream version 10.1.36 included fixes for the following + security vulnerabilities: + - CVE-2019-2503 * Previous upstream version 10.1.35 included fixes for the following security vulnerabilities: - CVE-2018-3066 <http://10.200.17.11/4.3-4/#8276844549449548383> OK: yaml OK: announce_errata OK: patch ~OK: piuparts Plugins do not properly cleanup themselves from DB on uninstall [4.3-4] 5d52f753c8 Bug #49362: mariadb-10.1 10.1.38-0+deb9u1 doc/errata/staging/mariadb-10.1.yaml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) [4.3-4] 4bd66ebe26 Bug #49362: mariadb-10.1 10.1.38-0+deb9u1 doc/errata/staging/mariadb-10.1.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) |