[debian-mysql] Bug#905733: mariadb-10.3: CVE-2018-2767

Salvatore Bonaccorso carnil at debian.org
Wed Aug 8 19:46:58 BST 2018


Source: mariadb-10.3
Version: 10.3.0-0+exp1
Severity: grave
Tags: security upstream fixed-upstream

Hi

As per http://www.openwall.com/lists/oss-security/2018/04/08/2,
MariaDB is similarly affected by CVE-2018-2767 . Upsream confirmed
that for MariaDB this means that if one connects to the remote server
using the embedded library (libmysqld), then SSL is not enforced.

Fixed as per upstream in
https://github.com/MariaDB/server/commit/f5369faf5bbf in 5.5.60,
10.0.35, 10.1.33, 10.2.15, and 10.3.7 .

Regards,
Salvatore



More information about the pkg-mysql-maint mailing list