USN-3459-1: partially applies to MariaDB too

Bug #1740608 reported by Otto Kekäläinen on 2017-12-30
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
mariadb-10.0 (Ubuntu) | | Undecided | Unassigned |
mariadb-5.5 (Ubuntu) | | Medium | Otto Kekäläinen |

Bug Description

https://usn.ubuntu.com/usn/usn-3459-1/

The security notice above also affects MariaDB and the latest release includes fixes.

I will produce a security release soon and attach more information to this bug report for:
 - mariadb-5.5 in Trusty

Otto Kekäläinen (otto) on 2017-12-30
Changed in mariadb-5.5 (Ubuntu):
importance: Undecided → Medium
assignee: nobody → Otto Kekäläinen (otto)
Otto Kekäläinen (otto) wrote :

The 5.5 series update for 14.04 is now available.

Please use git-buildpackage to fetch and build from the ubuntu-14.04 branch at http://anonscm.debian.org/cgit/pkg-mysql/mariadb-5.5.git/log/?h=ubuntu-14.04

The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball.

Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb/+builds?build_text=&build_state=all

As a reminder, debdiffs can be browsed directly from the repo like this:
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-5.5.git/diff/debian/?id=ubuntu/5.5.58-1ubuntu0.14.04.1&id2=ubuntu/5.5.58-1ubuntu0.14.04.1

Or in a local clone with 'git diff <tag1>..<tag2> debian/'

Security sponsor note these: https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-5.5 - 5.5.58-1ubuntu0.14.04.1

---------------
mariadb-5.5 (5.5.58-1ubuntu0.14.04.1) trusty-security; urgency=high

  * SECURITY UPDATE: New upstream release 5.5.58. Includes fixes for
    the following security vulnerabilities (LP: #1740608):
    - CVE-2017-10378, MDEV-13819
    - CVE-2017-10268
  * Update previous changelog entries to contain new CVE identifiers
  * Includes upstream MDEV-13819 server crash fix (LP: #1735876)

 -- Otto Kekäläinen <email address hidden> Sat, 30 Dec 2017 17:55:52 +0200

Changed in mariadb-5.5 (Ubuntu):
status: New → Fix Released
Otto Kekäläinen (otto) wrote :

The 10.0 series update for 16.04 is now available.

Please use git-buildpackage to fetch and build from the ubuntu-16.04 branch at http://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/log/?h=ubuntu-16.04

The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball.

Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.0/+builds?build_text=&build_state=all

As a reminder, debdiffs can be browsed directly from the repo like this:
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/debian/?id=ubuntu/10.0.31-0ubuntu0.16.04.1&id2=ubuntu/10.0.29-0ubuntu0.16.04.1

Or in a local clone with 'git diff <tag1>..<tag2> debian/'

Security sponsor note these: https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-10.0 - 10.0.33-0ubuntu0.16.04.1

---------------
mariadb-10.0 (10.0.33-0ubuntu0.16.04.1) xenial-security; urgency=high

  [ Otto Kekäläinen ]
  * SECURITY UPDATE: New upstream release 10.0.33. Includes fixes for the
    following security vulnerabilities (LP: #1740608):
    - CVE-2017-10378
    - CVE-2017-10268
    - MDEV-13819
  * Previous release 10.0.32 included fixes for
    - CVE-2017-10384
    - CVE-2017-10379
    - CVE-2017-10286
    - CVE-2017-3636
    - CVE-2017-3641
    - CVE-2017-3653
  * Remove InnoDB build failure fix applied upstream

 -- Otto Kekäläinen <email address hidden> Thu, 04 Jan 2018 11:44:00 +0200

Changed in mariadb-10.0 (Ubuntu):
status: New → Fix Released
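
Added example, not part of the original report or of the Ubuntu/Debian packaging tools: a small Python parser for a changelog stanza like the ones above. It groups CVE identifiers by the bullet they appear under, so the CVEs listed for the new upstream release stay separate from those credited to the previous release. The function names are hypothetical.

```python
import re

# Stanza taken from the mariadb-10.0 changelog entry on this page.
SAMPLE = """\
mariadb-10.0 (10.0.33-0ubuntu0.16.04.1) xenial-security; urgency=high

  [ Otto Kekäläinen ]
  * SECURITY UPDATE: New upstream release 10.0.33. Includes fixes for the
    following security vulnerabilities (LP: #1740608):
    - CVE-2017-10378
    - CVE-2017-10268
    - MDEV-13819
  * Previous release 10.0.32 included fixes for
    - CVE-2017-10384
    - CVE-2017-10379
    - CVE-2017-10286
    - CVE-2017-3636
    - CVE-2017-3641
    - CVE-2017-3653
  * Remove InnoDB build failure fix applied upstream
"""

HEADER = re.compile(r"^(?P<package>\S+) \((?P<version>[^)]+)\) (?P<suite>[^;]+); urgency=(?P<urgency>\w+)")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
LP = re.compile(r"LP: #(\d+)")

def parse_stanza(text):
    """Parse one changelog stanza into header fields plus a list of bullet texts."""
    lines = text.splitlines()
    m = HEADER.match(lines[0])
    if not m:
        raise ValueError("not a changelog header: %r" % lines[0])
    entry = dict(m.groupdict(), items=[])
    for line in lines[1:]:
        if line.startswith(" -- "):      # maintainer trailer ends the stanza
            break
        if line.startswith("  * "):      # new top-level bullet
            entry["items"].append(line[4:].strip())
        elif line.startswith("    ") and entry["items"]:
            entry["items"][-1] += " " + line.strip()   # continuation or "- sub-item"
    return entry

def cves_by_item(entry):
    """Return (bullet heading, [CVE ids in page order]) for bullets that name CVEs."""
    return [(item.split(" - ")[0], CVE.findall(item))
            for item in entry["items"] if CVE.search(item)]

def lp_bugs(entry):
    return sorted({n for item in entry["items"] for n in LP.findall(item)})
```
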
This report contains Public Security information
Everyone can see this security related information.