[debian-mysql] Bug#961849: Bug#961849: mariadb-10.3: CVE-2020-2814 CVE-2020-2812 CVE-2020-2760 CVE-2020-2752
otto at debian.org
Sat May 30 20:57:07 BST 2020
Because of the vagueness of Oracle CVEs, I cannot judge if this
warrants a DSA or not.
I am happy to prepare a security update for you if you so request.
Currently https://release.debian.org/ states:
> stable (10.5) Not yet planned
> oldstable (9.13) Not yet planned
..so I will not rush to make stable update preparations.
I am currently preparing MariaDB 10.4/10.5 for unstable, so there will
not be a MariaDB 10.3 upload to unstable anymore. I am happy to do
stable updates on your request for 10.3 and 10.1.
Related: Currently the CVE
https://security-tracker.debian.org/tracker/CVE-2020-13249 is marked
to apply to MariaDB 10.1. That version however does not include
libmariadb3, so I think it does not apply there.
More information about the pkg-mysql-maint