Hi Otto, On Sat, Dec 09, 2023 at 10:58:09PM +0800, Otto Kekäläinen wrote: > Hi Debian security team! > > MariaDB 1:10.11.6-1 entered Trixie only today after being stuck in > pending migration since Nov 28th from unstable. This > 1:10.11.6-0+deb12u1 missed the point update window. > > Are you OK if we proceed with this as a security upload?
I do not think we really need that. There is only scarce informtaion on the only CVE fixed, CVE-2023-22084, and the official description seem to require a high privileged attacker. But maybe you could reach out to MariaDB upstream so we can have a better idea on the fixed issue? I would suggest you just upload what you prepared to the proposed-updates queues so it can exposed by further testing of the release team tooling, and it will be included in the 12.4 point release. That is not even a problem if there will be a later incremental update on it. Regards, Salvatore
