[debian-mysql] Bug#905733: mariadb-10.3: CVE-2018-2767

Salvatore Bonaccorso carnil at debian.org
Wed Aug 8 19:46:58 BST 2018

Source: mariadb-10.3
Version: 10.3.0-0+exp1
Severity: grave
Tags: security upstream fixed-upstream


As per http://www.openwall.com/lists/oss-security/2018/04/08/2,
MariaDB is similarly affected by CVE-2018-2767 . Upsream confirmed
that for MariaDB this means that if one connects to the remote server
using the embedded library (libmysqld), then SSL is not enforced.

Fixed as per upstream in
https://github.com/MariaDB/server/commit/f5369faf5bbf in 5.5.60,
10.0.35, 10.1.33, 10.2.15, and 10.3.7 .


More information about the pkg-mysql-maint mailing list