Public bug reported:

MariaDB announced new minor maintenance releases on Nov 1st, 2024:
https://mariadb.com/resources/blog/mariadb-community-
server-q4-2024-maintenance-releases/

In this round of releases, there are *no* CVE tracked security fixes
(https://mariadb.com/kb/en/security/), but I would still suggest these
to be made available for all Ubuntu users in all supported Ubuntu
releases. All MySQL releases have always had related CVEs, and for past
10 years almost all MariaDB releases have have at least one CVE as well
and thus have been uploaded to Ubuntu as security releases by security
sponsors (see e.g.
https://bugs.launchpad.net/ubuntu/+source/mariadb/+bug/2067125 and
https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates).

Hence, these uploads would need to be done following the New upstream
microrelease policy (https://canonical-sru-docs.readthedocs-
hosted.com/en/latest/reference/requirements/#new-upstream-
microreleases).

I am already working on MariaDB updates for all Debian releases. After that, I 
could invest the effort to do it for all Ubuntu releases, but to minimize 
wasted effort, I'd like to have confirmation from ~ubuntu-sru that the New 
upstream microrelease policy indeed could be applied for all maintained Ubuntu 
versions for MariaDB:
- mariadb-10.6 (10.6.20) in Jammy
- mariadb (10.11.10) in Noble
- mariadb (11.4.4) in Oracular

** Affects: mariadb (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2086527

Title:
  New upstream microreleases: MariaDB 11.4.4 et al

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mariadb/+bug/2086527/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to