[debian-mysql] Bug#775882: Bug#775882: mariadb-10.0: affected by CVEs of the Oracle Patch Update for January 2015?
Otto Kekäläinen
otto at seravo.fi
Mon Jan 26 19:03:28 UTC 2015
The page https://mariadb.com/kb/en/security/ has updated and includes
info about these latest CVEs.
It seems most issues were fixed in 5.5.41/10.0.16.
One was for 5.5.39/10.0.13.
10.0.16 hasn't been yet released, but I'll expect it is released soon
and I will try to be as fast as possible in updating the package in
Debian once the .16 release is out.
CVE-2015-0385 and CVE-2015-0409 are not listed in the MariaDB security
list. I've sent email asking about their status and I'll track the
results in this bug report.
Here is some background info about the CVE status by a MariaDB core
developer: https://lists.launchpad.net/maria-discuss/msg02153.html
More information about the pkg-mysql-maint
mailing list