[debian-mysql] Bug#905733: mariadb-10.3: CVE-2018-2767
carnil at debian.org
Wed Aug 8 19:46:58 BST 2018
Tags: security upstream fixed-upstream
As per http://www.openwall.com/lists/oss-security/2018/04/08/2,
MariaDB is similarly affected by CVE-2018-2767 . Upsream confirmed
that for MariaDB this means that if one connects to the remote server
using the embedded library (libmysqld), then SSL is not enforced.
Fixed as per upstream in
https://github.com/MariaDB/server/commit/f5369faf5bbf in 5.5.60,
10.0.35, 10.1.33, 10.2.15, and 10.3.7 .
More information about the pkg-mysql-maint