Upstream has released MariaDB 10.1.24 on May 31:
https://mariadb.com/kb/en/mariadb/mariadb-10124-release-notes/
Fedora has issued an advisory for this today (June 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MDVYS43SNVTIM4TF72GOUFHSEEXCOV6N/
Their advisory claims it fixes some CVEs, though the MariaDB release notes don't list those (yet?). Perhaps they were fixed in one of the previous releases, as Fedora is updating from 10.1.21:
CVE-2017-3313 CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464
However, their git log also mentions CVE-2017-3265, fixed in a downstream script, mariadb-prepare-db-dir. We have a mysqld-prepare-db-dir that isn't exactly the same, but is very similar and probably has a common ancestor. Furthermore, it is probably affected by whatever the security issue was and needs to be updated similarly.
Update to 10.1.24 in Cauldron SVN, but files list probably still needs to be updated, and the mysqld-prepare-db-dir still needs to be fixed.
Assigning to the registered maintainer, but CC'ing all packagers collectively, in case the maintainer is unavailable.
Assignee: bugsquad => alien
CC: (none) => marja11, pkg-bugs
Status comment: (none) => Issue in downstream script needs to be fixed manually
Fixed for Cauldron in mariadb-10.1.24-1.mga6 currently building
Version: Cauldron => 5
CC: (none) => tmb
Fixed in mariadb-10.1.24-1.mga6. Thanks Thomas!
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Version: 5 => Cauldron