Bug 23213

Summary:	mariadb several new security issues
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	Marc Krämer <mageia>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	alien, geiger.david68210, mageia, marja11, mhrambo3501
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	mariadb-10.2.14-3.mga7.src.rpm	CVE:
Status comment:

Description David Walser 2018-06-21 00:17:17 CEST

MariaDB 10.2.15 was released on May 17:
https://mariadb.org/mariadb-10-2-15-and-mariadb-connector-j-2-2-4-now-available/
https://mariadb.com/kb/en/library/mariadb-10215-release-notes/

Corresponding Oracle CPU:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL

Comment 1 David Walser 2018-06-21 00:17:42 CEST

Fedora has issued an advisory for this today (June 20):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/URT2E3H3SHHUPWOZR3UMN3DFK7WUGAYI/

Comment 2 Marja Van Waes 2018-06-21 08:00:19 CEST

Assigning to all packagers collectively, since the registered maintainer for this package might still be unavailable.

Also CC'ing some committers, including the registered maintainer.

CC: (none) => alien, geiger.david68210, mageia, marja11, mrambo
Assignee: bugsquad => pkg-bugs

Marc Krämer 2018-06-21 23:00:03 CEST

Assignee: pkg-bugs => mageia

Comment 3 Marc Krämer 2018-06-21 23:27:37 CEST

Build is running. I've stumbled across this message
"The MariaDB Foundation is pleased to announce the availability of MariaDB 10.3.7, the first stable release in the MariaDB 10.3 series."

What do you think, should we update mariadb to 10.3 series in cauldron?

Comment 4 David Walser 2018-06-22 00:21:24 CEST

Sure.

Comment 5 David Walser 2018-06-22 12:28:26 CEST

Fixed in mariadb-10.2.15-1.mga7.  Thanks.

Resolution: (none) => FIXED
Status: NEW => RESOLVED