FYI, I have been working on this since yesterday, but there are a lot of things to clean up / fix due to upstream Debian packaging changes in a stable release, packaging changes by Ondrej in our Debian packaging git repo so I need to adapt a new workflow for myself, and then the fact that 10.1.29 was made and git committed for stable point release upload, but it wasn't accepted.
(release team didn't respond to Ondrej's last message on Dec 11th at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882909) So things are in progress but moving slowly unfortunately..

2017-12-26 16:15 GMT+02:00 Salvatore Bonaccorso <[email protected]>:
> Source: mariadb-10.1
> Version: 1:10.1.29-6
> Severity: important
> Tags: security upstream fixed-upstream
> Control: found -1 10.1.23-1
>
>
> Hi,
>
> the following vulnerability was published for mariadb-10.1, this is
> fixed in 10.1.30.
>
> CVE-2017-15365[0]:
> Replication in sql/event_data_objects.cc occurs before ACL checks
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-15365
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1524234
>
> Please adjust the affected versions in the BTS as needed.

