[debian-mysql] Bug#905733: mariadb-10.3: CVE-2018-2767
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 8 19:46:58 BST 2018
Source: mariadb-10.3
Version: 10.3.0-0+exp1
Severity: grave
Tags: security upstream fixed-upstream
Hi
As per http://www.openwall.com/lists/oss-security/2018/04/08/2,
MariaDB is similarly affected by CVE-2018-2767 . Upsream confirmed
that for MariaDB this means that if one connects to the remote server
using the embedded library (libmysqld), then SSL is not enforced.
Fixed as per upstream in
https://github.com/MariaDB/server/commit/f5369faf5bbf in 5.5.60,
10.0.35, 10.1.33, 10.2.15, and 10.3.7 .
Regards,
Salvatore
More information about the pkg-mysql-maint
mailing list