[debian-mysql] Bug#1034889: mariadb: CVE-2022-47015

Salvatore Bonaccorso carnil at debian.org
Mon May 15 20:44:12 BST 2023


Hi Otto,

On Sun, May 14, 2023 at 10:17:06PM -0700, Otto Kekäläinen wrote:
> Hi!
> 
> New upstream import has been done and is pending at
> https://salsa.debian.org/mariadb-team/mariadb-10.5/-/commits/bullseye
> 
> Additionally I have
> https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/14
> (#1035949) pending review as we might want to include it in the same
> upload.
> 
> Judging on notes at
> https://security-tracker.debian.org/tracker/CVE-2022-47015 it might be
> that Debian security does not consider this fix urgent, and we might
> want instead to wait for the next stable release of Debian 11
> "Bullseye", although no date fo 11.8 is yet up at
> https://release.debian.org/.

Yes, an  updat through a future bullseye point release is enough I
believe and welcome. Remember you can upload multiple versions for a
point release, means you can already ask for upload for what you have.
This indeed gives additional chances that people pre-testing
propoosed-updates test the update as well (and if it's the case notice
problems). You do not need to wait for a 11.8 date to be announced.

Regards,
Salvatore



More information about the pkg-mysql-maint mailing list