Register | Log in

mariadb-10.1

Choose email to subscribe with

general

source: mariadb-10.1 (main)
version: 10.1.38-0+deb9u1
maintainer: Debian MySQL Maintainers (archive) (DMD)
uploaders: Otto Kekäläinen [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 10.1.38-0+deb9u1
stable-sec: 10.1.37-0+deb9u1

versioned links

10.1.26-0+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.1.37-0+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.1.38-0+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmariadbclient-dev
libmariadbclient-dev-compat
libmariadbclient18 (4 bugs: 0, 4, 0, 0)
libmariadbd-dev
libmariadbd18
mariadb-client (1 bugs: 0, 1, 0, 0)
mariadb-client-10.1 (5 bugs: 0, 5, 0, 0)
mariadb-client-core-10.1 (1 bugs: 0, 1, 0, 0)
mariadb-common (1 bugs: 0, 1, 0, 0)
mariadb-plugin-connect
mariadb-plugin-cracklib-password-check
mariadb-plugin-gssapi-client
mariadb-plugin-gssapi-server
mariadb-plugin-mroonga (1 bugs: 0, 1, 0, 0)
mariadb-plugin-oqgraph
mariadb-plugin-spider (1 bugs: 0, 1, 0, 0)
mariadb-plugin-tokudb
mariadb-server (8 bugs: 0, 6, 2, 0)
mariadb-server-10.1 (14 bugs: 0, 13, 1, 0)
mariadb-server-core-10.1 (1 bugs: 0, 1, 0, 0)
mariadb-test (1 bugs: 0, 0, 1, 0)
mariadb-test-data

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

6 security issues in stretch high

There are 6 open security issues in stretch.

4 important issues:

CVE-2019-2739: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2740: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2737: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2805: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

2 issues skipped by the security teams:

CVE-2019-2614: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2627: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Please fix them.

Created: 2019-05-03 Last update: 2019-08-03 01:54

news

[2019-04-18] Accepted mariadb-10.1 10.1.38-0+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Otto Kekäläinen)
[2019-04-18] Accepted mariadb-10.1 10.1.37-0+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Otto Kekäläinen)
[2019-01-28] mariadb-10.1 REMOVED from testing (Debian testing watch)
[2019-01-27] Removed 1:10.1.37-3 from unstable (Debian FTP Masters)
[2019-01-27] Removed 1:10.1.29-6 from unstable (Debian FTP Masters)
[2018-12-17] mariadb-10.1 1:10.1.37-3 MIGRATED to testing (Debian testing watch)
[2018-12-08] Accepted mariadb-10.1 1:10.1.37-3 (source) into unstable (Otto Kekäläinen)
[2018-12-01] Accepted mariadb-10.1 1:10.1.37-2 (source) into unstable (Otto Kekäläinen)
[2018-11-19] Accepted mariadb-10.1 10.1.37-0+deb9u1 (source) into stable->embargoed, stable (Otto Kekäläinen)
[2018-11-07] mariadb-10.1 1:10.1.37-1 MIGRATED to testing (Debian testing watch)
[2018-11-04] Accepted mariadb-10.1 1:10.1.37-1 (source amd64 all) into unstable (Otto Kekäläinen)
[2018-08-14] mariadb-10.1 1:10.1.35-1 MIGRATED to testing (Debian testing watch)
[2018-08-08] Accepted mariadb-10.1 1:10.1.35-1 (source amd64 all) into unstable, unstable (Otto Kekäläinen)
[2018-08-08] mariadb-10.1 1:10.1.34-1 MIGRATED to testing (Debian testing watch)
[2018-08-02] Accepted mariadb-10.1 1:10.1.34-1 (source) into unstable (Otto Kekäläinen)
[2017-11-27] mariadb-10.1 1:10.1.29-6 MIGRATED to testing (Debian testing watch)
[2017-11-23] Accepted mariadb-10.1 1:10.1.29-6 (source) into unstable (Ondřej Surý)
[2017-11-22] Accepted mariadb-10.1 1:10.1.29-5 (source) into unstable (Ondřej Surý)
[2017-11-22] Accepted mariadb-10.1 1:10.1.29-4 (source) into unstable (Ondřej Surý)
[2017-11-22] Accepted mariadb-10.1 1:10.1.29-3 (source) into unstable (Ondřej Surý)
[2017-11-22] Accepted mariadb-10.1 1:10.1.29-2 (source) into unstable (Ondřej Surý)
[2017-11-16] Accepted mariadb-10.1 10.1.29-1 (source) into unstable (Ondřej Surý)
[2017-11-12] Accepted mariadb-10.1 10.1.28-2 (source) into unstable (Ondřej Surý)
[2017-10-09] Accepted mariadb-10.1 10.1.28-1 (source) into unstable (Ondřej Surý)
[2017-09-07] Accepted mariadb-10.1 10.1.26-0+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Ondřej Surý)
[2017-09-05] mariadb-10.1 10.1.26-1 MIGRATED to testing (Debian testing watch)
[2017-08-24] Accepted mariadb-10.1 10.1.26-1 (source amd64 all) into unstable (Ondřej Surý)
[2017-07-30] Accepted mariadb-10.1 10.1.25-1 (source) into unstable (Ondřej Surý)
[2017-06-26] mariadb-10.1 10.1.24-6 MIGRATED to testing (Debian testing watch)
[2017-06-21] Accepted mariadb-10.1 10.1.24-6 (source) into unstable (Ondřej Surý)

1
2

bugs [bug history graph]

all: 22 23
RC: 0
I&N: 21 22
M&W: 1
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, cross
popcon
browse source code
edit tags
security tracker

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing