The page https://mariadb.com/kb/en/security/ has updated and includes info about these latest CVEs.
It seems most issues were fixed in 5.5.41/10.0.16. One was for 5.5.39/10.0.13. 10.0.16 hasn't been yet released, but I'll expect it is released soon and I will try to be as fast as possible in updating the package in Debian once the .16 release is out. CVE-2015-0385 and CVE-2015-0409 are not listed in the MariaDB security list. I've sent email asking about their status and I'll track the results in this bug report. Here is some background info about the CVE status by a MariaDB core developer: https://lists.launchpad.net/maria-discuss/msg02153.html -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
