[Git][security-tracker-team/security-tracker][master] CVE-2022-27386/mariadb not affected

Bastien Roucariès (@rouca) rouca at debian.org
Sat Aug 24 08:37:07 BST 2024



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51eb42e2 by Bastien Roucariès at 2024-08-24T07:32:32+00:00
CVE-2022-27386/mariadb not affected

Test of POC does not coredump:
-- /builds/lts-team/packages/mariadb-10.1/debian/output/source_dir/mysql-test/r/func_default.result	2024-08-23 22:43:13.000000000 +0000
+++ /builds/lts-team/packages/mariadb-10.1/debian/output/source_dir/mysql-test/r/func_default.reject	2024-08-23 22:58:10.083269449 +0000
@@ -34,8 +34,8 @@
 NULL
 select default(a) = now() from v2;
 default(a) = now()
-1
-1
+NULL
+NULL
 select table_name,is_updatable from information_schema.views;
 table_name	is_updatable
 v1	NO
@@ -46,17 +46,19 @@
 show create table t1;
 Table	Create Table
 t1	CREATE TABLE `t1` (
-  `v1` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
+  `v1` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
   `x` varchar(1) NOT NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1
 select default(v1) from (select v1 from t1) dt;
 default(v1)
-2001-01-01 10:20:30
+0000-00-00 00:00:00
 select default(v1) from (select v1 from t1 group by v1) dt;
 default(v1)
 0000-00-00 00:00:00
 drop table t1;
 create table t1 (a text default '');
+Warnings:
+Warning	1101	BLOB/TEXT column 'a' can't have a default value
 create algorithm=temptable view v1 as select * from t1;
 insert into t1 values ('a');
 select default(a) from v1;
mysqltest: Result length mismatch

Moreover fix is not backportable due to missing member:
/builds/lts-team/packages/mariadb-10.1/debian/output/source_dir/sql/sql_select.cc:16091:38: error: 'class Field' has no member named 'default_value'
     new_field->vcol_info= new_field->default_value=
                                      ^~~~~~~~~~~~~
/builds/lts-team/packages/mariadb-10.1/debian/output/source_dir/sql/sql_select.cc:16092:18: error: 'class Field' has no member named 'check_constraint'; did you mean 'Subst_constraint'?
       new_field->check_constraint= 0;
                  ^~~~~~~~~~~~~~~~

According to changelog https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/ BLOB default and table default is a 10.2 feature.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -193411,10 +193411,11 @@ CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segme
 	- mariadb-10.5 <removed>
 	[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
 	- mariadb-10.3 <removed>
-	- mariadb-10.1 <removed>
+	- mariadb-10.1 <not-affected>
 	NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-26406
 	NOTE: MariaDB main bug: https://jira.mariadb.org/browse/MDEV-21028
 	NOTE: MariaDB commit: https://github.com/MariaDB/server/commit/5ba77222e9fe7af8ff403816b5338b18b342053c (mariadb-10.3.35)
+	NOTE: POC does not coredump for mariadb10.1 and warn about not supported default column
 CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tables_and ...)
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
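
Review bot: the added NOTE line records only the PoC outcome, while the commit message gives a second reason for marking mariadb-10.1 `<not-affected>`: the upstream fix references `default_value` and `check_constraint`, which `class Field` lacks in 10.1, and the changelog lists BLOB defaults as a 10.2 feature. Consider a further NOTE stating that the affected feature was introduced in 10.2, with the changelog URL from the commit message, so the entry can be understood without the commit log. In the same NOTE, the package is written `mariadb10.1` where the rest of the entry uses `mariadb-10.1`, and "warn" should read "warns".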



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eb42e26a5819ac16080ae34332d476b5883d06
