[debian-mysql] Bug#765664: Bug#765664: mariadb-5.5: Multiple security fixes from October 2014 CPU could affect MariaDB

Salvatore Bonaccorso carnil at debian.org
Tue Oct 21 20:53:20 UTC 2014


Hi Otto,

On Tue, Oct 21, 2014 at 10:06:58PM +0300, Otto Kekäläinen wrote:
> MariaDB has now published this page that tracks CVE (Oracle issued and
> others) to MariaDB releases, also post-release:
> https://mariadb.com/kb/en/mariadb/development/security/

Thanks for this notice, that is indeed great news. I put it on my
todo list to go through it and see if our tracker information is up to
date with that.

> We are in the process of uploading MariaDB 10.0 to unstable very soon,
> and that will deprecate MariaDB 5.5 so I do not plan to upload MariaDB
> 5.5.40 at the moment. If MariaDB 10.0 is stalled for some reason, I
> will upgrade and upload MariaDB 5.5.40 into unstable which will fix
> some security issues.

Take this as a personal point of view so far: So the idea is to get
MariaDB 10 into Jessie? Note that the freeze is coming soon and any
new upstream version needs to be in testing on 5th of November. AFAIR
from the last discussion in the "MySQL in Jessie" mail thread the idea
was to have MariaDB 5.5 in Jessie (mail from Colin Charles), stating
that EOL for it is in April 2017, and commitment to support it was
done also to Red Hat and SuSE. Thus my personal opinion: don't know if
that would be a good idea to try to push 10.x into Jessie at this
stage of the preparation for the Jessie release.

> From 5.5.40 on it seems the CVE information is also available in the
> release notes: https://mariadb.com/kb/en/mariadb/development/release-notes/mariadb-5540-release-notes/

Thank you, this, as the first one, is really helpful.

Regards,
Salvatore


