Your message dated Mon, 17 May 2021 03:03:45 +0000
with message-id <[email protected]>
and subject line Bug#988428: fixed in mariadb-10.5 1:10.5.10-1
has caused the Debian Bug report #988428,
regarding mariadb-10.5: CVE-2021-2154 CVE-2021-2166
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
988428: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988428
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mariadb-10.5
Version: 1:10.5.9-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for mariadb-10.5.

CVE-2021-2154[0]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: DML). Supported versions that are affected are 5.7.33 and
| prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2021-2166[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL (component:
| Server: DML). Supported versions that are affected are 5.7.33 and
| prior and 8.0.23 and prior. Easily exploitable vulnerability allows
| high privileged attacker with network access via multiple protocols to
| compromise MySQL Server. Successful attacks of this vulnerability can
| result in unauthorized ability to cause a hang or frequently
| repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score
| 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

They are fixed in 10.5.10.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-2154
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2154
[1] https://security-tracker.debian.org/tracker/CVE-2021-2166
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2166

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mariadb-10.5
Source-Version: 1:10.5.10-1
Done: Otto Kekäläinen <[email protected]>

We believe that the bug you reported is fixed in the latest version of
mariadb-10.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Otto Kekäläinen <[email protected]> (supplier of updated mariadb-10.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 May 2021 11:36:38 -0700
Source: mariadb-10.5
Binary: libmariadb-dev libmariadb-dev-compat libmariadb3 libmariadbd19
 libmariadbd-dev mariadb-common mariadb-client-core-10.5 mariadb-client-10.5
 mariadb-server-core-10.5 mariadb-server-10.5 mariadb-server mariadb-client
 mariadb-backup mariadb-plugin-connect mariadb-plugin-s3 mariadb-plugin-rocksdb
 mariadb-plugin-oqgraph mariadb-plugin-mroonga mariadb-plugin-spider
 mariadb-plugin-gssapi-server mariadb-plugin-gssapi-client
 mariadb-plugin-cracklib-password-check mariadb-test mariadb-test-data
Architecture: source
Version: 1:10.5.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <[email protected]>
Changed-By: Otto Kekäläinen <[email protected]>
Description:
 libmariadb-dev - MariaDB database development files
 libmariadb-dev-compat - MariaDB Connector/C, compatibility symlinks
 libmariadb3 - MariaDB database client library
 libmariadbd-dev - MariaDB embedded database, development files
 libmariadbd19 - MariaDB embedded database, shared library
 mariadb-backup - Backup tool for MariaDB server
 mariadb-client - MariaDB database client (metapackage depending on the latest vers
 mariadb-client-10.5 - MariaDB database client binaries
 mariadb-client-core-10.5 - MariaDB database core client binaries
 mariadb-common - MariaDB common configuration files
 mariadb-plugin-connect - Connect storage engine for MariaDB
 mariadb-plugin-cracklib-password-check - CrackLib Password Validation Plugin for MariaDB
 mariadb-plugin-gssapi-client - GSSAPI authentication plugin for MariaDB client
 mariadb-plugin-gssapi-server - GSSAPI authentication plugin for MariaDB server
 mariadb-plugin-mroonga - Mroonga storage engine for MariaDB
 mariadb-plugin-oqgraph - OQGraph storage engine for MariaDB
 mariadb-plugin-rocksdb - RocksDB storage engine for MariaDB
 mariadb-plugin-s3 - Amazon S3 archival storage engine for MariaDB
 mariadb-plugin-spider - Spider storage engine for MariaDB
 mariadb-server - MariaDB database server (metapackage depending on the latest vers
 mariadb-server-10.5 - MariaDB database server binaries
 mariadb-server-core-10.5 - MariaDB database core server files
 mariadb-test - MariaDB database regression test suite
 mariadb-test-data - MariaDB database regression test suite - data files
Closes: 941986 983563 985870 987231 988428
Changes:
 mariadb-10.5 (1:10.5.10-1) unstable; urgency=medium
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.5.10. Includes security fixes for (Closes: #988428):
     - CVE-2021-2154
     - CVE-2021-2166
   * Previous release 10.5.9 included security fixes additionally for:
     - CVE-2021-27928
   * Previous release 10.5.7 included security fixes additionally for:
     - CVE-2021-2194
   * Previous release 10.5.5 included security fixes additionally for:
     - CVE-2021-2022
   * Update symbols to include new one from MariaDB Client 3.1.13
   * Misc Salsa-CI fixes for better QA
   * Innotop: Add support for MariaDB 10.5+ (Closes: #941986)
   * Bugfix: Ensure upstream 1556 patch is included fully (Closes: 987231)
   * Bugfix: Don't create /usr/share/mysql/*.flag files (Closes: #985870)
   * Misc spelling fixes
 .
   [ Glenn Strauss ]
   * Mark systemd files [linux-any] in debian/*.install
 .
   [ Arnaud Rebillout ]
   * Fix postinst trigger when systemd is not running (Closes: #983563)
 .
   [ Faustin Lammler ]
   * GitLab CI now supports timeout for specific jobs

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
