CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks
Bug #1740768 reported by Otto Kekäläinen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mariadb-10.1 (Ubuntu) | Fix Released | Undecided | Otto Kekäläinen |
Bug Description
https:/
The security notice above also affects MariaDB and the latest release includes fixes.
Oracle has not patched MySQL yet, and there is no update for mysql-5.7, so no USN has been published yet.
I will produce a security release soon and attach more information to this bug report for:
- mariadb-10.1 in Zesty
- mariadb-10.1 in Artful
(mariadb-10.1 in Bionic can sync from Debian)
CVE References
description: | updated |
Changed in mariadb-10.0 (Ubuntu): | |
assignee: | nobody → Otto Kekäläinen (otto) |
affects: | mariadb-10.0 (Ubuntu) → mariadb-10.1 (Ubuntu) |
Changed in mariadb-10.1 (Ubuntu): | |
status: | New → In Progress |
The 10.1 series update for 17.04 is now available.
Please use git-buildpackage to fetch and build from the ubuntu-17.04 branch at http://anonscm.debian.org/cgit/pkg-mysql/mariadb-.git/log/?h=ubuntu-17.04
The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball.
Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.1/+builds?build_text=&build_state=all
As a reminder, debdiffs can be browsed directly from the repo like this: https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.1.git/diff/debian/?id=ubuntu/10.1.30-0ubuntu0.17.04.1&id2=ubuntu/10.1.25-0ubuntu0.17.04.1
Or in a local clone with 'git diff <tag1>..<tag2> debian/'
Security sponsor note these: https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates