Hi Otto, [Adding the Debian security team alias into the loop]
On Fri, May 23, 2025 at 06:30:52PM -0700, Otto Kekäläinen wrote: > Hi! > > > Hi, > > > > FYI: The new upstream minor version have been ready for review for 10+ > > days, and they include these CVE fixes. There are however potential > > regressions so I am holding back from uploading yet. > > > > * https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/119 > > * https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/121 > > * https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/120 > > * https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/118 > > * https://salsa.debian.org/mariadb-team/mariadb-10.5/-/merge_requests/22 > > MariaDB 11.10.13 is now out and ready for upload in MR!119. > > Should we make this a security upload or put into stable-updates? > Does the security team have a preference? > > I am fine either way. I think the no-dsa marked CVEs can still be done in the 12.12 point release. Please make sure that the fixes land in unstable and can migrate to testing, as we are in special times for the freeze for trixie. Regards, Salvatore
