new version fixes security issue (not yet know which one...) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15180 https://mariadb.com/kb/en/mariadb-10325-release-notes/
Updated mariadb packages fix security vulnerabilitiy: This update fixes a security vulnerabilitiy [1] References: [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15180 [2] https://mariadb.com/kb/en/mariadb-10325-release-notes/ ======================== Updated packages in core/updates_testing: ======================== mariadb-10.3.25-1.mga7 mysql-MariaDB-10.3.25-1.mga7 mariadb-feedback-10.3.25-1.mga7 mariadb-connect-10.3.25-1.mga7 mariadb-sphinx-10.3.25-1.mga7 mariadb-mroonga-10.3.25-1.mga7 mariadb-sequence-10.3.25-1.mga7 mariadb-spider-10.3.25-1.mga7 mariadb-extra-10.3.25-1.mga7 mariadb-obsolete-10.3.25-1.mga7 mariadb-core-10.3.25-1.mga7 mariadb-common-core-10.3.25-1.mga7 mariadb-common-10.3.25-1.mga7 mariadb-client-10.3.25-1.mga7 mariadb-bench-10.3.25-1.mga7 mariadb-pam-10.3.25-1.mga7 libmariadb3-10.3.25-1.mga7 libmariadb-devel-10.3.25-1.mga7 libmariadbd19-10.3.25-1.mga7 libmariadb-embedded-devel-10.3.25-1.mga7 mariadb-debugsource-10.3.25-1.mga7 mariadb-debuginfo-10.3.25-1.mga7 mariadb-feedback-debuginfo-10.3.25-1.mga7 mariadb-connect-debuginfo-10.3.25-1.mga7 mariadb-sphinx-debuginfo-10.3.25-1.mga7 mariadb-mroonga-debuginfo-10.3.25-1.mga7 mariadb-sequence-debuginfo-10.3.25-1.mga7 mariadb-spider-debuginfo-10.3.25-1.mga7 mariadb-extra-debuginfo-10.3.25-1.mga7 mariadb-obsolete-debuginfo-10.3.25-1.mga7 mariadb-core-debuginfo-10.3.25-1.mga7 mariadb-common-debuginfo-10.3.25-1.mga7 mariadb-client-debuginfo-10.3.25-1.mga7 mariadb-bench-debuginfo-10.3.25-1.mga7 mariadb-pam-debuginfo-10.3.25-1.mga7 libmariadb3-debuginfo-10.3.25-1.mga7 libmariadbd19-debuginfo-10.3.25-1.mga7 libmariadb-embedded-devel-debuginfo-10.3.25-1.mga7 Source RPMs: mariadb-10.3.25-1.mga7.src.rpm
Assignee: mageia => qa-bugs
when vulnerabilitiy is known, we can change the text, but I assume it is severe, so let's do qa, and maybe push it without knowing details (yet).
Mageia 7 x86_64 system. Update installed cleanly. After installing the update, ran "mysql_upgrade -u root -p" to ensure mysql tables are up to date. Used http://127.0.0.1/phpmyadmin to create a database, and a table with a couple of rows. Validating update.
CC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA7-64-OKKeywords: (none) => validated_update
Keywords: (none) => advisory
Apparently this commit is the fix for the issue, and it's believed to be serious: https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842 It sounds like some sort of injection vulnerability.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0382.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED