[debian-mysql] MariaDB 10.1.38 update pending

Moritz Muehlenhoff jmm at inutil.org
Fri Feb 22 13:31:59 GMT 2019


On Fri, Feb 22, 2019 at 01:29:35PM +0200, Otto Kekäläinen wrote:
> Hello!
> 
> su 10. helmik. 2019 klo 13.32 Otto Kekäläinen (otto at debian.org) kirjoitti:
> >
> > Anyway, regardless of what you want to to, the MariaDB 10.1.38 without
> > any extras is available at
> > https://salsa.debian.org/mariadb-team/mariadb-10.1/commits/stretch
> > with everything set for upload if you want to make a security upload.
> > Gitlab-CI tests pass and it was already uploaded to Ubuntu 18.04 and
> > no regressions have been found.
> >
> > If we want to postpone this to next stable update and put in some
> > extra bugfixing patches, then that is fine by me. Those patches would
> > go anyway on top of what is in Stretch branch of mariadb-10.1 now.
> 
> I tried to research on Feb 10-11th when the next Stretch update is
> scheduled for, but I didn't find any dates announced. Then it was
> however released last weekend. If I would have known that I would have
> pushed this into a stable update..
> Please let me know if there is a stable updates schedule somewhere.
> 
> In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920933 Salvatore
> considered those CVE's grave, so I think this should go in as a
> security update to Stretch.

The severity with which bugs are filed is unrelated to the decision of
what to address in a DSA.

I really don't understand why Mariadb cannot provide proper security bug
information. Are those security fixes inherited from Oracle/MySQL in
some way?

Cheers,
        Moritz



More information about the pkg-mysql-maint mailing list