CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks

The 10.1 series update for 17.04 is now available.

Please use git-buildpackage to fetch and build from the ubuntu-17.04 branch at http://anonscm.debian.org/cgit/pkg-mysql/mariadb-.git/log/?h=ubuntu-17.04

The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball.

Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.1/+builds?build_text=&build_state=all

As a reminder, debdiffs can be browsed directly from the repo like this:
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.1.git/diff/debian/?id=ubuntu/10.1.30-0ubuntu0.17.04.1&id2=ubuntu/10.1.25-0ubuntu0.17.04.1

Or in a local clone with 'git diff <tag1>..<tag2> debian/'

Security sponsor note these: https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates

The 10.1 series update for 17.10 is now available.

Please use git-buildpackage to fetch and build from the ubuntu-17.10 branch at http://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.1.git/log/?h=ubuntu-17.10

The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball.

Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.1/+builds?build_text=&build_state=all

As a reminder, debdiffs can be browsed directly from the repo like this:
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.1.git/diff/debian/?id=ubuntu/10.1.30-0ubuntu0.17.10.1&id2=debian/10.1.25-1

Note that the changes seem big, but most of it is due to refresh of patches (done by Ondrej Sury) which simply must be done for the new upstream release to work. Also due to usage of --fail-missing the new files added by upstream have been included.

Or in a local clone with 'git diff <tag1>..<tag2> debian/'

Security sponsor note these: https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates

This bug was fixed in the package mariadb-10.1 - 10.1.30-0ubuntu0.17.10.1

---------------
mariadb-10.1 (10.1.30-0ubuntu0.17.10.1) artful-security; urgency=high

  [ Otto Kekäläinen ]
  * SECURITY UPDATE: New upstream release 10.1.30. Includes fixes for
    the following security vulnerabilities (LP: #1740768)
    - CVE-2017-15365
  * Previous release 10.1.29 included included fixes for
    the following security vulnerabilities:
    - CVE-2017-10378
    - CVE-2017-10268
    - MDEV-13819
  * Previous release 10.1.26 included included fixes for
    - CVE-2017-10384
    - CVE-2017-10379
    - CVE-2017-10286
    - CVE-2017-3636
    - CVE-2017-3641
    - CVE-2017-3653
  * Delete unnecessary systemd files introduced by upstream

  [ Vicentiu Ciorbaru ]
  * Fix Mroonga compilation failure on arm64

 -- Otto Kekäläinen <email address hidden> Tue, 02 Jan 2018 13:51:23 +0200

This update appears to regress mariadb-10.1 autopkgtests.

Please see - https://bugs.launchpad.net/ubuntu/+source/mariadb-10.1/+bug/1757107

the systemd mariadb unit is not started upon package installation.