For the record, the security-tracker ships the authoritative
assignment, they are:
[31 Aug 2018] DLA-1488-1 mariadb-10.0 - security update
{CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066}
[jessie] - mariadb-10.0 10.0.36-0+deb8u1
[31 Aug 2018] DLA-1486-1 spice - security update
{CVE-2018-10873}
[jessie] - spice 0.12.5-1+deb8u6
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec38e10ec1289c204c18999585bcbf7967ad7413
and
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdaa7f41280c397e155037320704cde369172aae
So the wepage of DLA 1488 should just be correct to for the mariadb-10.0
announcement. (The spice DLA seems to have been sent out twice).
Regards,
Salvatore
