Comment 1 for bug 1538315

Otto Kekäläinen (otto) wrote :

Use uscan to get new upstream sources downloaded and signature verified automatically.

Remove the upstream provided debian/ directory and add the debian/* contents from the latest Ubuntu package.

Then apply the attached debdiff that updates the changelog and refreshes patches to match new upstream release.

Debdiff was created with command "git diff ubuntu/10.0.22-0ubuntu0.15.04.1..HEAD debian/ > 10.0.22-0ubuntu0.15.04.1..10.0.23-0ubuntu0.15.04.1.debdiff" in the official Debian packaging repository, branch ubuntu-15.04: http://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/log/?h=ubuntu-15.04

As the MariaDB version in vivid and wily is identical, this same patch can basically be applied on both (just adjust the release name).

Please check the excellent Debian CVE trackers for details about which CVE applies to which package. Note in particular that MariaDB 10.0.23 has this fixed but it still goes unfixed in MySQL releases: https://security-tracker.debian.org/tracker/CVE-2016-2047