Hello Debian LTS team!

Regarding CVE-2020-15180 I have prepared updates for Ubuntu Trusty (5.5), Ubuntu Bionic (10.1), Focal (10.3), Groovy (10.3) and Debian Stretch (10.1), Buster (10.3) and Sid (10.5).

The Debian and Ubuntu security teams have already processed these and DSA and USN are in the works. Last thing remaining is the coordination with the Debian LTS team about the Stretch update. Is there somebody in the LTS team who would like to review and approve a mariadb-10.1 1:10.1.45-0+debu1 for Stretch?

Stretch changes: https://salsa.debian.org/mariadb-team/mariadb-10.1/-/compare/debian%2F10.1.45-0+deb9u1...stretch
QA: https://salsa.debian.org/mariadb-team/mariadb-10.1/-/pipelines/185587

Unfortunately I don't have much more info about the security issue itself. The source diff shows some changes to the WSREP-API (Galera cluster code). There will be more info from secur...@mariadb.org at the end of the month as there is an embargo now to allow time for mysql-galera to ship an update. MariaDB and Percona have already released fixes.

Release notes for reference:
- https://mariadb.com/kb/en/mariadb-1056-release-notes/
- https://mariadb.com/kb/en/mariadb-10325-release-notes/
- https://mariadb.com/kb/en/mariadb-10147-release-notes/

- Otto