Bug 50863 - mariadb-10.1: Multiple issues (4.4)
mariadb-10.1: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal (vote)
: UCS 4.4-3-errata
Assigned To: Quality Assurance
Philipp Hahn
:
: 50902 (view as bug list)
Depends on:
Blocks: 50876
  Show dependency treegraph
 
Reported: 2020-02-27 15:30 CET by Quality Assurance
Modified: 2020-03-11 14:41 CET (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2020-02-27 15:30:56 CET
New Debian mariadb-10.1 10.1.44-0+deb9u1 fixes:
This update addresses the following issues:
* Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)
* C API unspecified vulnerability (CVE-2020-2574)
Comment 1 Quality Assurance univentionstaff 2020-02-27 16:00:17 CET
--- mirror/ftp/4.4/unmaintained/4.4-2/source/mariadb-10.1_10.1.41-0+deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-3/source/mariadb-10.1_10.1.44-0+deb9u1.dsc
@@ -1,3 +1,15 @@
+10.1.44-0+deb9u1 [Thu, 30 Jan 2020 10:21:11 +0200] Otto Kekäläinen <otto@debian.org>:
+
+  * SECURITY UPDATE: New upstream version 10.1.44. Includes fixes for the
+    following security vulnerabilities:
+    - CVE-2020-2574
+  * Previous upstream version 10.1.43 includes a fix for a
+    regression introduced in the previous release:
+    - MDEV-20987: InnoDB fails to start when FTS table has FK relation
+  * Previous release 10.1.42 includes fix for the following security
+    vulnerability:
+    - CVE-2019-2974
+
 10.1.41-0+deb9u1 [Fri, 02 Aug 2019 18:10:23 +0100] Otto Kekäläinen <otto@debian.org>:
 
   * SECURITY UPDATE: New upstream version 10.1.41. Includes fixes for the

<http://10.200.17.11/4.4-3/#6109286695012299530>
Comment 2 Philipp Hahn univentionstaff 2020-03-09 10:38:40 CET
*** Bug 50902 has been marked as a duplicate of this bug. ***
Comment 3 Philipp Hahn univentionstaff 2020-03-09 13:06:01 CET
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
 purge test failes due to unowned files
OK: univention-install univention-mariadb

[4.4-3] 132930b6a8 Bug #50863: mariadb-10.1 10.1.44-0+deb9u1
 doc/errata/staging/mariadb-10.1.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-3] 0a0a1d9484 Bug #50863: mariadb-10.1 10.1.44-0+deb9u1
 doc/errata/staging/mariadb-10.1.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
Comment 4 Erik Damrose univentionstaff 2020-03-11 14:41:54 CET
<http://errata.software-univention.de/ucs/4.4/478.html>