Hello! I just realized Emilio represents the LTS team and he already took care of this.
ke 21. lokak. 2020 klo 11.25 Otto Kekäläinen (o...@debian.org) kirjoitti: > > Hello Debian LTS team! > > Regarding CVE-2020-15180 I have prepared updates for Ubuntu Trusty > (5.5), Ubuntu Bionic (10.1), Focal (10.3), Groovy (10.3) and Debian > Stretch (10.1), Buster (10.3) and Sid (10.5). > > The Debian and Ubuntu security teams have already processed these and > DSA and USN are in the works. > > Last thing remaining is the coordination with the Debian LTS team > about the Stretch update. > > Is there somebody in the LTS team who would like to review and approve > a mariadb-10.1 1:10.1.45-0+debu1 for Stretch? > > Stretch changes: > https://salsa.debian.org/mariadb-team/mariadb-10.1/-/compare/debian%2F10.1.45-0+deb9u1...stretch > QA: https://salsa.debian.org/mariadb-team/mariadb-10.1/-/pipelines/185587 > > Unfortunately I don't have much more info about the security issue > itself. The source diff shows some changes to the WSREP-API (Galera > cluster code). There will be more info from secur...@mariadb.org at > the end of the month as there is an embargo now to allow time for > mysql-galera to ship an update. MariaDB and Percona have already > released fixes. > > Release notes for reference: > - https://mariadb.com/kb/en/mariadb-1056-release-notes/ > - https://mariadb.com/kb/en/mariadb-10325-release-notes/ > - https://mariadb.com/kb/en/mariadb-10147-release-notes/ > > > - Otto -- - Otto
