Bug#1034889: mariadb: CVE-2022-47015
Hi Otto,

On Sun, May 14, 2023 at 10:17:06PM -0700, Otto Kekäläinen wrote:
> Hi!
>
> New upstream import has been done and is pending at
> https://salsa.debian.org/mariadb-team/mariadb-10.5/-/commits/bullseye
>
> Additionally I have
> https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/14
> (#1035949) pending review as we might want to include it in the same
> upload.
>
> Judging on notes at
> https://security-tracker.debian.org/tracker/CVE-2022-47015 it might be
> that Debian security does not consider this fix urgent, and we might
> want instead to wait for the next stable release of Debian 11
> "Bullseye", although no date for 11.8 is yet up at
> https://release.debian.org/.

Yes, an update through a future bullseye point release is enough I believe and welcome.

Remember you can upload multiple versions for a point release, which means you can already ask for upload for what you have. This indeed gives additional chances that people pre-testing proposed-updates test the update as well (and if it's the case notice problems). You do not need to wait for a 11.8 date to be announced.

Regards,
Salvatore
Bug#1034889: mariadb: CVE-2022-47015
Hi!

New upstream import has been done and is pending at https://salsa.debian.org/mariadb-team/mariadb-10.5/-/commits/bullseye

Additionally I have https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/14 (#1035949) pending review as we might want to include it in the same upload.

Judging on notes at https://security-tracker.debian.org/tracker/CVE-2022-47015 it might be that Debian security does not consider this fix urgent, and we might want instead to wait for the next stable release of Debian 11 "Bullseye", although no date for 11.8 is yet up at https://release.debian.org/.
Bug#1034889: mariadb: CVE-2022-47015
This will be fixed as part of the next upstream maintenance release update in all versions of Debian and Ubuntu. I expect to do it in the coming 1-2 weeks.
Bug#1034889: mariadb: CVE-2022-47015
Source: mariadb
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for mariadb.

CVE-2022-47015[0]:
| MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of
| Service. It is possible for function spider_db_mbase::print_warnings
| to dereference a null pointer.

https://jira.mariadb.org/browse/MDEV-29644, fixed in 10.11.3

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-47015
    https://www.cve.org/CVERecord?id=CVE-2022-47015

Please adjust the affected versions in the BTS as needed.