[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
This bug was fixed in the package mariadb-10.5 - 1:10.5.10-1 --- mariadb-10.5 (1:10.5.10-1) unstable; urgency=medium [ Otto Kekäläinen ] * New upstream version 10.5.10. Includes security fixes for (Closes: #988428): - CVE-2021-2154 - CVE-2021-2166 * Previous release 10.5.9 included security fixes additionally for: - CVE-2021-27928 * Previous release 10.5.7 included security fixes additionally for: - CVE-2021-2194 * Previous release 10.5.5 included security fixes additionally for: - CVE-2021-2022 * Update symbols to include new one from MariaDB Client 3.1.13 * Misc Salsa-CI fixes for better QA * Innotop: Add support for MariaDB 10.5+ (Closes: #941986) * Bugfix: Ensure upstream 1556 patch is included fully (Closes: 987231) * Bugfix: Don't create /usr/share/mysql/*.flag files (Closes: #985870) * Misc spelling fixes [ Glenn Strauss ] * Mark systemd files [linux-any] in debian/*.install [ Arnaud Rebillout ] * Fix postinst trigger when systemd is not running (Closes: #983563) [ Faustin Lammler ] * GitLab CI now supports timeout for specific jobs -- Otto Kekäläinen Sun, 16 May 2021 11:36:38 -0700 ** Changed in: mariadb-10.5 (Ubuntu Impish) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
** Changed in: mariadb-10.5 (Ubuntu Impish) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
This bug was fixed in the package mariadb-10.5 - 1:10.5.10-0ubuntu0.21.04.1 --- mariadb-10.5 (1:10.5.10-0ubuntu0.21.04.1) hirsute-security; urgency=medium * SECURITY UPDATE: New upstream version 10.5.10 includes fixes for the following security vulnerabilities (LP: #1926926): - CVE-2021-2154 - CVE-2021-2166 * Previous release 10.5.9 included security fixes additionally for: - CVE-2021-27928 * Previous release 10.5.7 included security fixes additionally for: - CVE-2021-2194 * Previous release 10.5.5 included security fixes additionally for: - CVE-2021-2022 * Drop riscv64 patch applied upstream * Drop spelling fixes applied upstream * Update symbols to include new one from MariaDB Client 3.1.13 * Remove obsolete sql file removed by upstream (MDEV-24586) * Remove salsa-ci.yml, does not work for Ubuntu quality assurance -- Otto Kekäläinen Sun, 09 May 2021 10:49:34 -0700 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
This bug was fixed in the package mariadb-10.1 - 1:10.1.48-0ubuntu0.18.04.1 --- mariadb-10.1 (1:10.1.48-0ubuntu0.18.04.1) bionic-security; urgency=medium * SECURITY UPDATE: New upstream version 10.1.48 includes fixes for the following security vulnerabilities (LP: #1926926): - CVE-2020-14765 - CVE-2020-14812 - CVE-2020-28912 * Additional backported fix for CVE-2021-27928: - Make @@wsrep_provider and @@wsrep_notify_cmd read-only -- Otto Kekäläinen Sun, 02 May 2021 18:40:30 -0700 ** Changed in: mariadb-10.1 (Ubuntu Bionic) Status: New => Fix Released ** Changed in: mariadb-10.5 (Ubuntu Hirsute) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
This bug was fixed in the package mariadb-10.3 - 1:10.3.29-0ubuntu0.20.04.1 --- mariadb-10.3 (1:10.3.29-0ubuntu0.20.04.1) focal-security; urgency=medium * SECURITY UPDATE: New upstream version 10.3.29 includes fixes for the following security vulnerabilities (LP: #1926926): - CVE-2021-2154 - CVE-2021-2166 * Previous release 10.3.28 included fixes for: - CVE-2021-27928 * Previous release 10.3.26 included fixes for: - CVE-2020-14765 - CVE-2020-14776 - CVE-2020-14789 - CVE-2020-14812 - CVE-2020-28912 - CVE-2021-2194 * Previous release 10.3.24 included fixes for: - CVE-2021-2022 * Drop patch obsoleted by test file removal in upstream (MDEV-22653) * Drop file removed upstream (MDEV-24586) * Update symbols to include new one from MariaDB Client 3.1.13 -- Otto Kekäläinen Sun, 09 May 2021 11:20:31 -0700 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
This bug was fixed in the package mariadb-10.3 - 1:10.3.29-0ubuntu0.20.10.1 --- mariadb-10.3 (1:10.3.29-0ubuntu0.20.10.1) groovy-security; urgency=medium * SECURITY UPDATE: New upstream version 10.3.29 includes fixes for the following security vulnerabilities (LP: #1926926): - CVE-2021-2154 - CVE-2021-2166 * Previous release 10.3.28 included fixes for: - CVE-2021-27928 * Previous release 10.3.26 included fixes for: - CVE-2020-14765 - CVE-2020-14776 - CVE-2020-14789 - CVE-2020-14812 - CVE-2020-28912 - CVE-2021-2194 * Previous release 10.3.24 included fixes for: - CVE-2021-2022 * Drop --libmysqld-libs patcha applied upstream * Drop patch obsoleted by test file removal in upstream (MDEV-22653) * Drop file removed upstream (MDEV-24586) * Update symbols to include new one from MariaDB Client 3.1.13 -- Otto Kekäläinen Sun, 09 May 2021 13:47:12 -0700 ** Changed in: mariadb-10.3 (Ubuntu Groovy) Status: New => Fix Released ** Changed in: mariadb-10.3 (Ubuntu Focal) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
Thanks a bunch @otto!! I'll issue an USN for it asap. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
You might want to consider issuing a USN for these updates as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
The 10.5 series update for 21.04 is now available. Please use git-buildpackage to fetch and build from the ubuntu-21.04 branch at https://salsa.debian.org/mariadb- team/mariadb-10.5/tree/ubuntu-21.04 The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball. Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.5/+builds?build_text=_state=all Debdiffs can be created directly from the repo like in a local clone with 'git diff .. debian/' Changelog: mariadb-10.5 (1:10.5.10-0ubuntu0.21.04.1) hirsute-security; urgency=medium * SECURITY UPDATE: New upstream version 10.5.10 includes fixes for the following security vulnerabilities (LP: #1926926): - CVE-2021-2154 - CVE-2021-2166 * Previous release 10.5.9 included security fixes additionally for: - CVE-2021-27928 * Previous release 10.5.7 included security fixes additionally for: - CVE-2021-2194 * Previous release 10.5.5 included security fixes additionally for: - CVE-2021-2022 * Drop riscv64 patch applied upstream * Drop spelling fixes applied upstream * Update symbols to include new one from MariaDB Client 3.1.13 * Remove obsolete sql file removed by upstream (MDEV-24586) * Remove salsa-ci.yml, does not work for Ubuntu quality assurance -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
The 10.3 series update for 20.10 is now available. Please use git-buildpackage to fetch and build from the ubuntu-20.10 branch at https://salsa.debian.org/mariadb- team/mariadb-10.3/tree/ubuntu-20.10 The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball. Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.3/+builds?build_text=_state=all Debdiffs can be created directly from the repo like in a local clone with 'git diff .. debian/' Changelog: mariadb-10.3 (1:10.3.29-0ubuntu0.20.10.1) groovy-security; urgency=medium * SECURITY UPDATE: New upstream version 10.3.29 includes fixes for the following security vulnerabilities (LP: #1926926): - CVE-2021-2154 - CVE-2021-2166 * Previous release 10.3.28 included fixes for: - CVE-2021-27928 * Previous release 10.3.26 included fixes for: - CVE-2020-14765 - CVE-2020-14776 - CVE-2020-14789 - CVE-2020-14812 - CVE-2020-28912 - CVE-2021-2194 * Previous release 10.3.24 included fixes for: - CVE-2021-2022 * Drop --libmysqld-libs patcha applied upstream * Drop patch obsoleted by test file removal in upstream (MDEV-22653) * Drop file removed upstream (MDEV-24586) * Update symbols to include new one from MariaDB Client 3.1.13 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
changelog: mariadb-10.1 (1:10.1.48-0ubuntu0.18.04.1) bionic-security; urgency=medium * SECURITY UPDATE: New upstream version 10.1.48 includes fixes for the following security vulnerabilities (LP: #1926926): - CVE-2020-14765 - CVE-2020-14812 - CVE-2020-28912 * Additional backported fix for CVE-2021-27928: - Make @@wsrep_provider and @@wsrep_notify_cmd read-only ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14765 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14812 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-28912 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14776 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14789 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-2022 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-2154 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-2166 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-2194 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
The 10.3 series update for 20.04 is now available. Please use git-buildpackage to fetch and build from the ubuntu-20.04 branch at https://salsa.debian.org/mariadb- team/mariadb-10.3/tree/ubuntu-20.04 The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball. Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.3/+builds?build_text=_state=all Debdiffs can be created directly from the repo like in a local clone with 'git diff .. debian/' Changelog: mariadb-10.3 (1:10.3.29-0ubuntu0.20.04.1) focal-security; urgency=medium * SECURITY UPDATE: New upstream version 10.3.29 includes fixes for the following security vulnerabilities (LP: #1926926): - CVE-2021-2154 - CVE-2021-2166 * Previous release 10.3.28 included fixes for: - CVE-2021-27928 * Previous release 10.3.26 included fixes for: - CVE-2020-14765 - CVE-2020-14776 - CVE-2020-14789 - CVE-2020-14812 - CVE-2020-28912 - CVE-2021-2194 * Previous release 10.3.24 included fixes for: - CVE-2021-2022 * Drop patch obsoleted by test file removal in upstream (MDEV-22653) * Drop file removed upstream (MDEV-24586) * Update symbols to include new one from MariaDB Client 3.1.13 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
** No longer affects: mariadb-10.3 (Ubuntu) ** No longer affects: mariadb-10.1 (Ubuntu) ** Changed in: mariadb-10.1 (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: mariadb-10.3 (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: mariadb-10.3 (Ubuntu Groovy) Importance: Undecided => Medium ** Changed in: mariadb-10.5 (Ubuntu Hirsute) Importance: Undecided => Medium ** Changed in: mariadb-10.5 (Ubuntu Impish) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.5/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27928 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.1/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1926926] Re: CVE-2021-27928 et al affects MariaDB in Ubuntu
The 10.1 series update for 18.04 is now available. Please use git-buildpackage to fetch and build from the ubuntu-18.04 branch at https://salsa.debian.org/mariadb- team/mariadb-10.1/tree/ubuntu-18.04 The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly from the git-buildpackage generated tarball. Test builds and testsuite passed on all platforms at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.1/+builds?build_text=_state=all Debdiffs can be created directly from the repo like in a local clone with 'git diff .. debian/' -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926926 Title: CVE-2021-27928 et al affects MariaDB in Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-10.1/+bug/1926926/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs