Source: mariadb-10.3 Version: 10.3.0-0+exp1 Severity: grave Tags: security upstream fixed-upstream
Hi As per http://www.openwall.com/lists/oss-security/2018/04/08/2, MariaDB is similarly affected by CVE-2018-2767 . Upsream confirmed that for MariaDB this means that if one connects to the remote server using the embedded library (libmysqld), then SSL is not enforced. Fixed as per upstream in https://github.com/MariaDB/server/commit/f5369faf5bbf in 5.5.60, 10.0.35, 10.1.33, 10.2.15, and 10.3.7 . Regards, Salvatore