Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-15180

Source

Debian Bug report logs - #972746
mariadb-10.3: CVE-2020-15180

Package: src:mariadb-10.3; Maintainer for src:mariadb-10.3 is Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 23 Oct 2020 05:09:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in versions mariadb-10.3/1:10.3.23-0+deb10u1, mariadb-10.3/1:10.3.24-2

Fixed in version mariadb-10.3/1:10.3.25-0+deb10u1

Forwarded to https://jira.mariadb.org/browse/MDEV-23884

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#972746; Package src:mariadb-10.3. (Fri, 23 Oct 2020 05:09:03 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 23 Oct 2020 05:09:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: mariadb-10.3
Version: 1:10.3.24-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 1:10.3.23-0+deb10u1
Control: fixed -1 1:10.3.25-0+deb10u1

Hi,

This is to track CVE-2020-15180. The issue is already fixed in buster,
so filling the bug in the BTS as RC severity to avoid buster ->
bullseye "regression" in case mariadb-10.3 is meant to be kept.

DSA 4776-1 fixed it for stable.

Regards,
Salvatore
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Marked as found in versions mariadb-10.3/1:10.3.23-0+deb10u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Fri, 23 Oct 2020 05:09:03 GMT) (full text, mbox, link).

Marked as fixed in versions mariadb-10.3/1:10.3.25-0+deb10u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Fri, 23 Oct 2020 05:09:04 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#972746; Package src:mariadb-10.3. (Fri, 23 Oct 2020 06:27:06 GMT) (full text, mbox, link).

Acknowledgement sent to Otto Kekäläinen <otto@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 23 Oct 2020 06:27:06 GMT) (full text, mbox, link).

Message #14 received at 972746@bugs.debian.org (full text, mbox, reply):

Hello!

Thanks!

Bullseye is meant to ship with 10.5 and 10.3 should be removed once
10.5 has been in Debian testing for a while (currently still in Debian
unstable due to debci false positive).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>:
Bug#972746; Package src:mariadb-10.3. (Fri, 23 Oct 2020 18:48:05 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>. (Fri, 23 Oct 2020 18:48:05 GMT) (full text, mbox, link).

Message #19 received at 972746@bugs.debian.org (full text, mbox, reply):

Hi Otto,

On Fri, Oct 23, 2020 at 09:03:16AM +0300, Otto Kekäläinen wrote:
> Hello!
> 
> Thanks!
> 
> Bullseye is meant to ship with 10.5 and 10.3 should be removed once
> 10.5 has been in Debian testing for a while (currently still in Debian
> unstable due to debci false positive).

Thanks, this sounds sensible!

Regards,
Salvatore

Set Bug forwarded-to-address to 'https://jira.mariadb.org/browse/MDEV-23884'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 31 Oct 2020 09:24:02 GMT) (full text, mbox, link).

Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Thu, 05 Nov 2020 17:21:11 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Nov 16 11:39:45 2020; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

mariadb-10.3: CVE-2020-15180

Debian Bug report logs - #972746
mariadb-10.3: CVE-2020-15180

Vulmon Search

About

Products

Connect

mariadb-10.3: CVE-2020-15180

Debian Bug report logs - #972746 mariadb-10.3: CVE-2020-15180

Vulmon Search

About

Products

Connect

Debian Bug report logs - #972746
mariadb-10.3: CVE-2020-15180