On Friday, 24 February 2023 09:55:18 CET Rai wrote: > Hi Paul, > > Great work and big thanks for the findings. > But indeed, this change in mariadb_lib.c is a functional change which should > have never made it in a security update. :(
Agreed. Since this bug merely manifests itself in Kontact but must be fixed elsewhere, I have opened a new bug against libqt5sql5-mysql: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031863 Sorry if this bug might have been retargeted, but it isn't obvious how that might be done. I imagine that we could make this existing bug dependent on the new bug, and when the fix is hopefully made, we might then close both of them. It is conceivable that Debian maintainers may wish to revert the regression in libmariadb3 instead, but that it a matter for them to decide, and so I won't go and create another bug against libmariadb3. I have merely mentioned the possibility in the new bug description. Paul
