Source: mariadb Version: 1:11.8.1-4 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for mariadb. CVE-2025-30722[0]: | Vulnerability in the MySQL Client product of Oracle MySQL | (component: Client: mysqldump). Supported versions that are | affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult | to exploit vulnerability allows low privileged attacker with network | access via multiple protocols to compromise MySQL Client. | Successful attacks of this vulnerability can result in unauthorized | access to critical data or complete access to all MySQL Client | accessible data as well as unauthorized update, insert or delete | access to some of MySQL Client accessible data. CVSS 3.1 Base Score | 5.9 (Confidentiality and Integrity impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N). CVE-2025-30693[1]: | Vulnerability in the MySQL Server product of Oracle MySQL | (component: InnoDB). Supported versions that are affected are | 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable | vulnerability allows high privileged attacker with network access | via multiple protocols to compromise MySQL Server. Successful | attacks of this vulnerability can result in unauthorized ability to | cause a hang or frequently repeatable crash (complete DOS) of MySQL | Server as well as unauthorized update, insert or delete access to | some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 | (Integrity and Availability impacts). CVSS Vector: | (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-30722 https://www.cve.org/CVERecord?id=CVE-2025-30722 [1] https://security-tracker.debian.org/tracker/CVE-2025-30693 https://www.cve.org/CVERecord?id=CVE-2025-30693 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
