USN-2575-1: MySQL vulnerabilities partially also applies to MariaDB
Bug #1451677 reported by
Otto Kekäläinen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mariadb-10.0 (Ubuntu) |
Fix Released
|
Medium
|
Tyler Hicks | ||
mariadb-5.5 (Ubuntu) |
Fix Released
|
Undecided
|
Otto Kekäläinen |
Bug Description
The mentioned security notice also affect MariaDB and the latest release includes fixes.
From https:/
Fixes for the following security vulnerabilities:
CVE-2015-0501
CVE-2015-2571
CVE-2015-0505
CVE-2015-0499
I will produce a security release and upload it as a patch to this bug report.
information type: | Private Security → Public Security |
description: | updated |
Changed in mariadb-5.5 (Ubuntu): | |
status: | New → Confirmed |
Changed in mariadb-5.5 (Ubuntu): | |
assignee: | nobody → Otto Kekäläinen (otto) |
To post a comment you must log in.
The 14.04 patch is now done. You can view the whole diff from current Ubuntu 14.04 MariaDB 5.5.41 release to 5.5.43 at https:/ /github. com/ottok/ mariadb- 5.5/compare/ ubuntu/ 5.5.41- 1ubuntu0. 14.04.1. ..ubuntu- 14.04
For a diff that only includes the changed for debian/* files after importing upstream 5.5.43 on the base, see https:/ /github. com/ottok/ mariadb- 5.5/compare/ f7f0aa7dc852bde cd2ec6e619aa5fc 8c200af770. ..ubuntu- 14.04
You can download it as a diff from the URL: /github. com/ottok/ mariadb- 5.5/compare/ f7f0aa7dc852bde cd2ec6e619aa5fc 8c200af770. ..ubuntu- 14.04.diff
https:/
This is the debdiff you should apply on top of the current 5.5.41 package in Ubuntu and for the non debian/* stuff, get the upstream mariadb- 5.5.41. tar.gz package from MariaDB.org (use uscan with pgp signature checking, the package supports it).
Successful public build available (and also installable from the PPA) at https:/ /launchpad. net/~mysql- ubuntu/ +archive/ ubuntu/ mariadb/ +builds? build_text= &build_ state=all
Note: I haven't actually tested installs or upgrades yet, but as you can see in the debdiff there are no changes to control files or install scripts.
Next I'll do the same for 14.10.