Hi Otto,

On Mon, Jan 26, 2015 at 09:03:28PM +0200, Otto Kekäläinen wrote:
> The page https://mariadb.com/kb/en/security/ has updated and includes
> info about these latest CVEs.
>
> It seems most issues were fixed in 5.5.41/10.0.16.
> One was for 5.5.39/10.0.13.
>
> 10.0.16 hasn't been yet released, but I'll expect it is released soon
> and I will try to be as fast as possible in updating the package in
> Debian once the .16 release is out.
>
> CVE-2015-0385 and CVE-2015-0409 are not listed in the MariaDB security
> list. I've sent email asking about their status and I'll track the
> results in this bug report.
>
> Here is some background info about the CVE status by a MariaDB core
> developer: https://lists.launchpad.net/maria-discuss/msg02153.html

Thanks for the update and checking with upstream regarding the two
other CVEs. 10.0.16 seems now available[1] (even though not yet
announced on the webpage itself).

 [1] https://downloads.mariadb.com/files/MariaDB/mariadb-10.0.16/source

Regards,
Salvatore

p.s.: FYI, if you want to reach also the submitter of a bug adding it
      to Cc is needed, since n...@bugs.debian.org does not reach the
      original submitter, see
      https://www.debian.org/Bugs/Developer#followup