Source: mariadb
Version: 1:11.4.5-1
Severity: important
Tags: security upstream
X-Debbugs-Cc:
carnil@debian.org, Debian Security Team <
team@security.debian.org>
Hi,
The following vulnerabilities were published for mariadb.
CVE-2023-52969[0]:
| MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7
| through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an
| empty backtrace log. This may be related to make_aggr_tables_info
| and optimize_stage2.
CVE-2023-52970[1]:
| MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7
| through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.*
| crashes in
| Item_direct_view_ref::derived_field_transformer_for_where.
CVE-2023-52971[2]:
| MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes
| in JOIN::fix_all_splittings_in_plan.
There are related MDEV issues referenced upstream and from the limited information this seems to affect the latest versions. The MDEV are not
public accessible, so can you please clarify with upstream on their
status.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0]
https://security-tracker.debian.org/tracker/CVE-2023-52969
https://www.cve.org/CVERecord?id=CVE-2023-52969
https://jira.mariadb.org/browse/MDEV-32083
[1]
https://security-tracker.debian.org/tracker/CVE-2023-52970
https://www.cve.org/CVERecord?id=CVE-2023-52970
https://jira.mariadb.org/browse/MDEV-32086
[2]
https://security-tracker.debian.org/tracker/CVE-2023-52971
https://www.cve.org/CVERecord?id=CVE-2023-52971
https://jira.mariadb.org/browse/MDEV-32084
Regards,
Salvatore
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)