Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits: 51eb42e2 by Bastien Roucariès at 2024-08-24T07:32:32+00:00 CVE-2022-27386/mariadb not affected Test of POC does not coredump: -- /builds/lts-team/packages/mariadb-10.1/debian/output/source_dir/mysql-test/r/func_default.result 2024-08-23 22:43:13.000000000 +0000 +++ /builds/lts-team/packages/mariadb-10.1/debian/output/source_dir/mysql-test/r/func_default.reject 2024-08-23 22:58:10.083269449 +0000 @@ -34,8 +34,8 @@ NULL select default(a) = now() from v2; default(a) = now() -1 -1 +NULL +NULL select table_name,is_updatable from information_schema.views; table_name is_updatable v1 NO 
@@ -46,17 +46,19 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `v1` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(), + `v1` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `x` varchar(1) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1 select default(v1) from (select v1 from t1) dt; default(v1) -2001-01-01 10:20:30 +0000-00-00 00:00:00 select default(v1) from (select v1 from t1 group by v1) dt; default(v1) 0000-00-00 00:00:00 drop table t1; create table t1 (a text default ''); +Warnings: +Warning 1101 BLOB/TEXT column 'a' can't have a default value create algorithm=temptable view v1 as select * from t1; insert into t1 values ('a'); select default(a) from v1; mysqltest: Result length mismatch Moreover fix is not backportable due to missing member: /builds/lts-team/packages/mariadb-10.1/debian/output/source_dir/sql/sql_select.cc:16091:38: error: 'class Field' has no member named 'default_value' new_field->vcol_info= new_field->default_value= ^~~~~~~~~~~~~ /builds/lts-team/packages/mariadb-10.1/debian/output/source_dir/sql/sql_select.cc:16092:18: error: 'class Field' has no member named 'check_constraint'; did you mean 'Subst_constraint'? new_field->check_constraint= 0; ^~~~~~~~~~~~~~~~ According to changelog https://mariadb.com/kb/en/changes-improvements-in-mariadb-10-2/ BLOB default and table default is a 10.2 feature. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -193411,10 +193411,11 @@ CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segme
 - mariadb-10.5 <removed>
 [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
 - mariadb-10.3 <removed>
- - mariadb-10.1 <removed>
+ - mariadb-10.1 <not-affected>
 NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-26406
 NOTE: MariaDB main bug: https://jira.mariadb.org/browse/MDEV-21028
 NOTE: MariaDB commit: https://github.com/MariaDB/server/commit/5ba77222e9fe7af8ff403816b5338b18b342053c (mariadb-10.3.35)
+ NOTE: POC does not coredump for mariadb10.1 and warn about not supported default column
 CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tables_and ...)
 - mariadb-10.6 1:10.6.8-1
 - mariadb-10.5 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eb42e26a5819ac16080ae34332d476b5883d06 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eb42e26a5819ac16080ae34332d476b5883d06 You're receiving this email because of your account on salsa.debian.org.
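Review bot: The added NOTE records only that the PoC did not crash, which is the weaker half of the evidence. The structural reason given in the commit message (BLOB/TEXT defaults arrive in 10.2, and `class Field` has no `default_value` member in 10.1) is what supports `<not-affected>`, and it is not recorded in the entry. A non-crashing PoC alone does not rule out a different trigger, so I would put the reason on the entry itself, `- mariadb-10.1 <not-affected> (Vulnerable code introduced in 10.2)`, assuming that is the conclusion. I would also reword the note as `NOTE: BLOB/TEXT column defaults are a 10.2 feature; PoC does not crash mariadb-10.1 and only warns about the unsupported default`, which spells the package name the way the entries above it do.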