[debian-mysql] Bug#885345: Bug#885345: mariadb-10.1: CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks

Otto Kekäläinen otto at debian.org
Fri Dec 29 12:22:19 UTC 2017


FYI, I have been working on this since yesterday, but there are a lot
of things to clean up / fix due to upstream Debian packaging changes
in a stable release, packaging changes by Ondrej in our Debian
packaging git repo so I need to adapt a new workflow for myself, and
then the fact that 10.1.29 was made and git committed for stable point
release upload, but it wasn't accepted.

(release team didn't respond to Ondrej's last message on Dec 11th at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882909)

So things are in progress but moving slowly, unfortunately.

2017-12-26 16:15 GMT+02:00 Salvatore Bonaccorso <carnil at debian.org>:
> Source: mariadb-10.1
> Version: 1:10.1.29-6
> Severity: important
> Tags: security upstream fixed-upstream
> Control: found -1 10.1.23-1
>
>
> Hi,
>
> the following vulnerability was published for mariadb-10.1, this is
> fixed in 10.1.30.
>
> CVE-2017-15365[0]:
> Replication in sql/event_data_objects.cc occurs before ACL checks
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-15365
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1524234
>
> Please adjust the affected versions in the BTS as needed.


