[debian-mysql] Bug#988428: Bug#988428: mariadb-10.5: CVE-2021-2154 CVE-2021-2166

Otto Kekäläinen otto at debian.org
Fri May 14 07:47:00 BST 2021


Hello!

Status summary:

* MariaDB 10.5 for Debian is pending at
https://salsa.debian.org/mariadb-team/mariadb-10.5/ since last weekend
but still waiting for contributions on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988089, #976147 and
#977137.

* MariaDB 10.3 for Debian is pending at
https://salsa.debian.org/mariadb-team/mariadb-10.3/ since last weekend
but waiting for release team response on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988255

* MariaDB 10.5 and 10.3 for Ubuntu have already been uploaded, as the
Ubuntu security team was quick to snap these up:
https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926

* No regressions reported in Ubuntu, which makes it safer to upload
these to Debian too.

* Our extensive Salsa-CI has not shown any regressions at
https://salsa.debian.org/mariadb-team/mariadb-10.3/-/pipelines nor
https://salsa.debian.org/mariadb-team/mariadb-10.5/-/pipelines, nor
did the Launchpad builds fail

* Some of the recent CVE numbers in 2021 also apply for 10.1.48, which
was already uploaded to oldstable earlier, but I thought I would
mention this if you want to make sure the CVE tracking is correct. For
full list see https://mariadb.com/kb/en/security/

- Otto



More information about the pkg-mysql-maint mailing list