[Git][security-tracker-team/security-tracker][master] Reapply "MariaDB/MDEV-24176"
Bastien Roucariès (@rouca)
rouca at debian.org
Sun Sep 22 16:43:32 BST 2024
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af109aa7 by Bastien Roucariès at 2024-09-22T15:42:59+00:00
Reapply "MariaDB/MDEV-24176"
This reverts commit d855200d8d05d9470a68d26d0c26ed32760c8709.
Virtual column changes needed for this security bug was introduced by 10.2, particularly
the support of virtual columns default.
Moreover exploit raise syntax error instead of SEGFAULT, due to syntax needed not supported
for 10.1
Tested in stretch chroot
Thanks to carnil and Beuc for improvement of this commit
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -199141,11 +199141,12 @@ CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an us
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- - mariadb-10.1 <removed>
+ - mariadb-10.1 <not-affected> (vulnerable code not present; virtual column needed changes introduced in 10.2; moreover exploit does not work and fail with syntax error)
NOTE: Bug MariaDB: https://jira.mariadb.org/browse/MDEV-28093
NOTE: Bug MariaDB (main): https://jira.mariadb.org/browse/MDEV-24176
NOTE: Same fix than CVE-2022-27376, CVE-2022-27379, CVE-2022-27447, CVE-2022-27449, CVE-2022-27452
NOTE: Fixed in MariaDB version 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
+ NOTE: Virtual column vulnerable code introduced in 10.2: https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/
NOTE: Commit MariaDB [1/3] https://github.com/MariaDB/server/commit/c02ebf3510850ba78a106be9974c94c3b97d8585
NOTE: Commit MariaDB [2/3] https://github.com/MariaDB/server/commit/08c7ab404f69d9c4ca6ca7a9cf7eec74c804f917
NOTE: Commit MariaDB [3/3] https://github.com/MariaDB/server/commit/b3c3291f0b7c1623cb20663f7cf31b7f749768bc
@@ -199166,11 +199167,12 @@ CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segme
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- - mariadb-10.1 <removed>
+ - mariadb-10.1 <not-affected> (vulnerable code not present; virtual column needed changes introduced in 10.2; moreover exploit does not work and fail with syntax error)
NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-28090
NOTE: MariaDB main bug: https://jira.mariadb.org/browse/MDEV-24176
NOTE: Same fix than CVE-2022-27376, CVE-2022-27379, CVE-2022-27447, CVE-2022-27449, CVE-2022-27456
NOTE: Fixed in MariaDB 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
+ NOTE: Virtual column vulnerable code introduced in 10.2: https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/
NOTE: MariaDB commit: [1/3] https://github.com/MariaDB/server/commit/c02ebf3510850ba78a106be9974c94c3b97d8585 (mariadb-10.3.35)
NOTE: MariaDB commit: [2/3] https://github.com/MariaDB/server/commit/08c7ab404f69d9c4ca6ca7a9cf7eec74c804f917 (mariadb-10.3.35)
NOTE: MariaDB commit: [3/3] https://github.com/MariaDB/server/commit/b3c3291f0b7c1623cb20663f7cf31b7f749768bc (mariadb-10.3.35)
@@ -199189,11 +199191,12 @@ CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a segme
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- - mariadb-10.1 <removed>
+ - mariadb-10.1 <not-affected> (vulnerable code not present; virtual column needed changes introduced in 10.2; moreover exploit does not work and fail with syntax error)
NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-28089
NOTE: MariaDB main bug: https://jira.mariadb.org/browse/MDEV-24176
NOTE: Same fix than CVE-2022-27376, CVE-2022-27379, CVE-2022-27447, CVE-2022-27452, CVE-2022-27456
NOTE: Fixed in MariaDB 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
+ NOTE: Virtual column vulnerable code introduced in 10.2: https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/
NOTE: MariaDB commit: [1/3] https://github.com/MariaDB/server/commit/c02ebf3510850ba78a106be9974c94c3b97d8585 (mariadb-10.3.35)
NOTE: MariaDB commit: [2/3] https://github.com/MariaDB/server/commit/08c7ab404f69d9c4ca6ca7a9cf7eec74c804f917 (mariadb-10.3.35)
NOTE: MariaDB commit: [3/3] https://github.com/MariaDB/server/commit/b3c3291f0b7c1623cb20663f7cf31b7f749768bc (mariadb-10.3.35)
@@ -199213,11 +199216,12 @@ CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-a
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- - mariadb-10.1 <removed>
+ - mariadb-10.1 <not-affected> (vulnerable code not present; virtual column needed changes introduced in 10.2; moreover exploit does not work and fail with syntax error)
NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-28099
NOTE: MariaDB main bug: https://jira.mariadb.org/browse/MDEV-24176
NOTE: Same fix than CVE-2022-27376, CVE-2022-27379 and CVE-2022-27449, CVE-2022-27452, CVE-2022-27456
NOTE: Fixed in MariaDB 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3
+ NOTE: Virtual column vulnerable code introduced in 10.2: https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/
NOTE: MariaDB commit: [1/3] https://github.com/MariaDB/server/commit/c02ebf3510850ba78a106be9974c94c3b97d8585 (mariadb-10.3.35)
NOTE: MariaDB commit: [2/3] https://github.com/MariaDB/server/commit/08c7ab404f69d9c4ca6ca7a9cf7eec74c804f917 (mariadb-10.3.35)
NOTE: MariaDB commit: [3/3] https://github.com/MariaDB/server/commit/b3c3291f0b7c1623cb20663f7cf31b7f749768bc (mariadb-10.3.35)
@@ -199473,11 +199477,12 @@ CVE-2022-27379 (An issue in the component Arg_comparator::compare_real_fixed of
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- - mariadb-10.1 <removed>
+ - mariadb-10.1 <not-affected> (vulnerable code not present; virtual column needed changes introduced in 10.2; moreover exploit does not work and fail with syntax error)
NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-26353
NOTE: MariaDB bug (main): https://jira.mariadb.org/browse/MDEV-24176
NOTE: Same fix than CVE-2022-27376, CVE-2022-27447, CVE-2022-27449, CVE-2022-27452, CVE-2022-27456
NOTE: Fixed in MariaDB version 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
+ NOTE: Virtual column vulnerable code introduced in 10.2: https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/
CVE-2022-27378 (An issue in the component Create_tmp_table::finalize of MariaDB Server ...)
{DLA-3114-1}
- mariadb-10.6 1:10.6.8-1
@@ -199504,12 +199509,13 @@ CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an us
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- - mariadb-10.1 <removed>
+ - mariadb-10.1 <not-affected> (vulnerable code not present; virtual column needed changes introduced in 10.2; moreover exploit does not work and fail with syntax error)
NOTE: Bug MariaDB: https://jira.mariadb.org/browse/MDEV-26354
NOTE: Bug MariaDB (duplicate): https://jira.mariadb.org/browse/MDEV-26437
NOTE: Bug MariaDB (main): https://jira.mariadb.org/browse/MDEV-24176
NOTE: Same fix than CVE-2022-27379, CVE-2022-27447, CVE-2022-27449, CVE-2022-27452, CVE-2022-27456
NOTE: Fixed in MariaDB version 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4
+ NOTE: Virtual column vulnerable code introduced in 10.2: https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/
NOTE: Commit MariaDB [1/3] https://github.com/MariaDB/server/commit/c02ebf3510850ba78a106be9974c94c3b97d8585
NOTE: Commit MariaDB [2/3] https://github.com/MariaDB/server/commit/08c7ab404f69d9c4ca6ca7a9cf7eec74c804f917
NOTE: Commit MariaDB [3/3] https://github.com/MariaDB/server/commit/b3c3291f0b7c1623cb20663f7cf31b7f749768bc
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af109aa75c83dd16087db02e8f48a74775a70586
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af109aa75c83dd16087db02e8f48a74775a70586
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240922/089f527c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list