Your message dated Tue, 21 May 2019 09:20:54 +0000
with message-id <e1ht0x4-000hd1...@fasolo.debian.org>
and subject line Bug#928393: fixed in mariadb-10.3 1:10.3.15-1
has caused the Debian Bug report #928393,
regarding mariadb-10.3: CVE-2019-2614 CVE-2019-2627 CVE-2019-2628
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928393: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928393
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mariadb-10.3
Version: 1:10.3.14-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for mariadb-10.3.

CVE-2019-2614[0]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: Replication). Supported versions that are
| affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior.
| Difficult to exploit vulnerability allows high privileged attacker
| with network access via multiple protocols to compromise MySQL Server.
| Successful attacks of this vulnerability can result in unauthorized
| ability to cause a hang or frequently repeatable crash (complete DOS)
| of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS
| Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2019-2627[1]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: Security: Privileges). Supported versions that
| are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and
| prior. Easily exploitable vulnerability allows high privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability
| impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


CVE-2019-2628[2]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: InnoDB). Supported versions that are affected are
| 5.7.25 and prior and 8.0.15 and prior. Easily exploitable
| vulnerability allows high privileged attacker with network access via
| multiple protocols to compromise MySQL Server. Successful attacks of
| this vulnerability can result in unauthorized ability to cause a hang
| or frequently repeatable crash (complete DOS) of MySQL Server. CVSS
| 3.0 Base Score 4.9 (Availability impacts). CVSS Vector:
| (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-2614
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2614
[1] https://security-tracker.debian.org/tracker/CVE-2019-2627
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2627
[2] https://security-tracker.debian.org/tracker/CVE-2019-2628
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2628
[3] https://mariadb.com/kb/en/library/mariadb-10315-release-notes/

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mariadb-10.3
Source-Version: 1:10.3.15-1

We believe that the bug you reported is fixed in the latest version of
mariadb-10.3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Otto Kekäläinen <o...@debian.org> (supplier of updated mariadb-10.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 21 May 2019 10:45:37 +0300
Source: mariadb-10.3
Binary: libmariadb-dev libmariadbclient-dev libmariadb-dev-compat libmariadb3 
libmariadbd19 libmariadbd-dev mariadb-common mariadb-client-core-10.3 
mariadb-client-10.3 mariadb-server-core-10.3 mariadb-server-10.3 mariadb-server 
mariadb-client mariadb-backup mariadb-plugin-connect mariadb-plugin-rocksdb 
mariadb-plugin-oqgraph mariadb-plugin-tokudb mariadb-plugin-mroonga 
mariadb-plugin-spider mariadb-plugin-gssapi-server mariadb-plugin-gssapi-client 
mariadb-plugin-cracklib-password-check mariadb-test mariadb-test-data
Architecture: source
Version: 1:10.3.15-1
Distribution: unstable
Urgency: high
Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org>
Changed-By: Otto Kekäläinen <o...@debian.org>
Description:
 libmariadb-dev - MariaDB database development files
 libmariadb-dev-compat - MariaDB Connector/C, compatibility symlinks
 libmariadb3 - MariaDB database client library
 libmariadbclient-dev - MariaDB database development files (transitional package)
 libmariadbd-dev - MariaDB embedded database, development files
 libmariadbd19 - MariaDB embedded database, shared library
 mariadb-backup - Backup tool for MariaDB server
 mariadb-client - MariaDB database client (metapackage depending on the latest vers
 mariadb-client-10.3 - MariaDB database client binaries
 mariadb-client-core-10.3 - MariaDB database core client binaries
 mariadb-common - MariaDB common metapackage
 mariadb-plugin-connect - Connect storage engine for MariaDB
 mariadb-plugin-cracklib-password-check - CrackLib Password Validation Plugin for MariaDB
 mariadb-plugin-gssapi-client - GSSAPI authentication plugin for MariaDB client
 mariadb-plugin-gssapi-server - GSSAPI authentication plugin for MariaDB server
 mariadb-plugin-mroonga - Mroonga storage engine for MariaDB
 mariadb-plugin-oqgraph - OQGraph storage engine for MariaDB
 mariadb-plugin-rocksdb - RocksDB storage engine for MariaDB
 mariadb-plugin-spider - Spider storage engine for MariaDB
 mariadb-plugin-tokudb - TokuDB storage engine for MariaDB
 mariadb-server - MariaDB database server (metapackage depending on the latest vers
 mariadb-server-10.3 - MariaDB database server binaries
 mariadb-server-core-10.3 - MariaDB database core server files
 mariadb-test - MariaDB database regression test suite
 mariadb-test-data - MariaDB database regression test suite - data files
Closes: 921599 928230 928393
Changes:
 mariadb-10.3 (1:10.3.15-1) unstable; urgency=high
 .
   [ Otto Kekäläinen ]
   * New upstream version 10.3.15. Includes security fixes for (Closes: #928393):
     - CVE-2019-2628
     - CVE-2019-2627
     - CVE-2019-2614
   * Includes upstream fix for MDEV-18721: Host option in configuration file is
     ignored (Closes: #921599)
 .
   [ Gregor Riepl ]
   * Extend mariadb/mysql_config to support --libmysqld-libs (Closes: #928230)
 .
   [ Julien Muchembled ]
   * Enable LZ4&Snappy for InnoDB and LZ4&Snappy&ZSTD for RocksDB


--- End Message ---
