Your message dated Sat, 03 Mar 2018 22:16:03 +0000
with message-id <[email protected]>
and subject line Bug#891641: Removed package(s) from unstable
has caused the Debian Bug report #884065,
regarding mariadb-10.2 CVE-2017-10378 CVE-2017-10268 CVE-2017-15365
CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10320 CVE-2017-10365
CVE-2017-10379 CVE-2017-10384 CVE-2017-10286 CVE-2017-3257
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
884065: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884065
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mariadb-10.2
Version: 10.2.7-1
Severity: grave
Tags: security upstream
Hi,
the following vulnerabilities were published for mariadb-10.2; these
are fixed in 10.2.10.
CVE-2017-10378[0]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: Optimizer). Supported versions that are
| affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and
| earlier. Easily exploitable vulnerability allows low privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability
| impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2017-10268[1]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: Replication). Supported versions that are
| affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and
| earlier. Difficult to exploit vulnerability allows high privileged
| attacker with logon to the infrastructure where MySQL Server executes
| to compromise MySQL Server. Successful attacks of this vulnerability
| can result in unauthorized access to critical data or complete access
| to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1
| (Confidentiality impacts). CVSS Vector:
| (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVE-2017-15365[2]:
Replication in sql/event_data_objects.cc occurs before ACL checks
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-10378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
[1] https://security-tracker.debian.org/tracker/CVE-2017-10268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
[2] https://security-tracker.debian.org/tracker/CVE-2017-15365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 10.2.7-1+rm
Dear submitter,
as the package mariadb-10.2 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/891641
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---