[Git][security-tracker-team/security-tracker][master] mariadb spu
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 2 08:56:36 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ccc01a3 by Moritz Mühlenhoff at 2022-12-02T09:56:15+01:00
mariadb spu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -41311,6 +41311,7 @@ CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in i
{DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26431
CVE-2022-32090
@@ -41318,12 +41319,14 @@ CVE-2022-32090
CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26410
CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...)
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26419
NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
@@ -41331,12 +41334,14 @@ CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26437
NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26412
NOTE: Fixed in: 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
@@ -41344,6 +41349,7 @@ CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26407
NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
@@ -41351,23 +41357,27 @@ CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation
{DLA-3114-1}
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26427
CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation faul ...)
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26047
NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion failure ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.5 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26433
CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison i ...)
- mariadb-10.6 1:10.6.9-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26420
CVE-2022-32080
@@ -55037,6 +55047,7 @@ CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28099
@@ -55050,12 +55061,14 @@ CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28093
CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28097
@@ -55067,12 +55080,14 @@ CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segme
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28090
CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28094
@@ -55082,6 +55097,7 @@ CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a segme
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28089
@@ -55089,6 +55105,7 @@ CVE-2022-27448 (There is an Assertion failure in MariaDB Server v10.9 and below
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28095
@@ -55096,12 +55113,14 @@ CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-a
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28099
CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28082
@@ -55109,6 +55128,7 @@ CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segme
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-28081
@@ -55116,6 +55136,7 @@ CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segme
CVE-2022-27444 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-28080
@@ -55266,6 +55287,7 @@ CVE-2022-27387 (MariaDB Server v10.7 and below was discovered to contain a globa
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26422
@@ -55273,12 +55295,14 @@ CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segme
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26406
CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tables_and ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.5 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.5 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26415
@@ -55286,6 +55310,7 @@ CVE-2022-27384 (An issue in the component Item_subselect::init_expr_cache_tracke
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26047
@@ -55299,6 +55324,7 @@ CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use-
CVE-2022-27382 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <not-affected> (Only affects MariaDB 10.4 onwards)
- mariadb-10.1 <not-affected> (Only affects MariaDB 10.4 onwards)
NOTE: https://jira.mariadb.org/browse/MDEV-26402
@@ -55306,6 +55332,7 @@ CVE-2022-27381 (An issue in the component Field::set_default of MariaDB Server v
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26061
@@ -55313,6 +55340,7 @@ CVE-2022-27380 (An issue in the component my_decimal::operator= of MariaDB Serve
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26280
@@ -55320,6 +55348,7 @@ CVE-2022-27379 (An issue in the component Arg_comparator::compare_real_fixed of
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26353
@@ -55327,6 +55356,7 @@ CVE-2022-27378 (An issue in the component Create_tmp_table::finalize of MariaDB
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26423
@@ -55334,6 +55364,7 @@ CVE-2022-27377 (MariaDB Server v10.6.3 and below was discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26281
@@ -55341,6 +55372,7 @@ CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an us
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
- mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Will be fixed via spu)
- mariadb-10.3 <removed>
- mariadb-10.1 <removed>
NOTE: https://jira.mariadb.org/browse/MDEV-26354
=====================================
data/next-point-update.txt
=====================================
@@ -90,3 +90,71 @@ CVE-2022-38850
[bullseye] - mplayer 2:1.4+ds1-1+deb11u1
CVE-2022-46338
[bullseye] - g810-led 0.4.2-1+deb11u1
+CVE-2022-32081
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32082
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32084
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32089
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32091
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2021-46669
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27376
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27377
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27378
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27379
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27380
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27381
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27382
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27383
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27384
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27386
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27387
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27444
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27445
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27446
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27447
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27448
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27449
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27451
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27452
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27455
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27456
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27457
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-27458
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32083
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32085
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32086
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32087
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+CVE-2022-32088
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ccc01a3cc6be7537d3aa9b30ed84953ced70fd6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ccc01a3cc6be7537d3aa9b30ed84953ced70fd6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221202/bfe5fc7d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list