Your message dated Sun, 08 Jun 2025 12:25:52 +0000
with message-id <e1uof60-005kte...@fasolo.debian.org>
and subject line Bug#1105976: fixed in mariadb 1:11.8.2-1
has caused the Debian Bug report #1105976,
regarding mariadb: CVE-2025-30722 CVE-2025-30693
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1105976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105976
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mariadb
Version: 1:11.8.1-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for mariadb.

CVE-2025-30722[0]:
| Vulnerability in the MySQL Client product of Oracle MySQL
| (component: Client: mysqldump).  Supported versions that are
| affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Difficult
| to exploit vulnerability allows low privileged attacker with network
| access via multiple protocols to compromise MySQL Client.
| Successful attacks of this vulnerability can result in  unauthorized
| access to critical data or complete access to all MySQL Client
| accessible data as well as  unauthorized update, insert or delete
| access to some of MySQL Client accessible data. CVSS 3.1 Base Score
| 5.9 (Confidentiality and Integrity impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N).


CVE-2025-30693[1]:
| Vulnerability in the MySQL Server product of Oracle MySQL
| (component: InnoDB).  Supported versions that are affected are
| 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable
| vulnerability allows high privileged attacker with network access
| via multiple protocols to compromise MySQL Server.  Successful
| attacks of this vulnerability can result in unauthorized ability to
| cause a hang or frequently repeatable crash (complete DOS) of MySQL
| Server as well as  unauthorized update, insert or delete access to
| some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5
| (Integrity and Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-30722
    https://www.cve.org/CVERecord?id=CVE-2025-30722
[1] https://security-tracker.debian.org/tracker/CVE-2025-30693
    https://www.cve.org/CVERecord?id=CVE-2025-30693

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mariadb
Source-Version: 1:11.8.2-1
Done: Otto Kekäläinen <o...@debian.org>

We believe that the bug you reported is fixed in the latest version of
mariadb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1105...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Otto Kekäläinen <o...@debian.org> (supplier of updated mariadb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Jun 2025 11:19:07 +0300
Source: mariadb
Architecture: source
Version: 1:11.8.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org>
Changed-By: Otto Kekäläinen <o...@debian.org>
Closes: 1100437 1105976
Changes:
 mariadb (1:11.8.2-1) unstable; urgency=medium
 .
   * New upstream version 11.8.2, which also announces the 11.8 series now
     ready for general availability (GA) with security releases for 5 years.
     This release includes fixes for several defects as noted at
     https://mariadb.com/kb/en/mariadb-11-8-2-release-notes/ as well as
     the following security issues (Closes: #1100437, #1105976):
     - CVE-2023-52969
     - CVE-2023-52970
     - CVE-2023-52971
     - CVE-2025-30693
     - CVE-2025-30722
   * Drop all RocksDB patches now upstream due to update to version 6.29fb
   * Drop PCRE2 10.45 compatibility patch obsoleted by upstream test change
   * Update configuration traces to include new upstream system variables:
     - innodb-buffer-pool-size-auto-min (default: 0)
     - innodb-buffer-pool-size-max (default: 0)
     - innodb-log-checkpoint-now (default: FALSE)
   * Also update configuration traces to match that in 11.8.2 the variables
     innodb-buffer-pool-chunk-size and innodb-log-spin-wait-delay are advertised
     as deprecated.
   * Disable new unreliable test main.mysql-interactive
   * Add Breaks/Replaces for files moved around in src:mysql-8.4 (LP: #2110378)
   * Update mariadb-server.NEWS with information about MariaDB 11.8 and
     best practices for creating app user and allowing remote connections
   * Add patch to improve output from mariadb-secure-installation

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
