Register | Log in

mariadb-10.5

Choose email to subscribe with

general

source: mariadb-10.5 (main)
version: 1:10.5.15-0+deb11u1
maintainer: Debian MySQL Maintainers (archive) (DMD)
uploaders: Otto Kekäläinen [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 1:10.5.15-0+deb11u1

versioned links

1:10.5.15-0+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmariadb-dev (1 bugs: 0, 1, 0, 0)
libmariadb-dev-compat (1 bugs: 0, 1, 0, 0)
libmariadb3 (1 bugs: 0, 1, 0, 0)
libmariadbd-dev
libmariadbd19
mariadb-backup
mariadb-client (5 bugs: 0, 4, 1, 0)
mariadb-client-10.5
mariadb-client-core-10.5
mariadb-common (1 bugs: 0, 1, 0, 0)
mariadb-plugin-connect
mariadb-plugin-cracklib-password-check
mariadb-plugin-gssapi-client
mariadb-plugin-gssapi-server
mariadb-plugin-mroonga (1 bugs: 0, 1, 0, 0)
mariadb-plugin-oqgraph
mariadb-plugin-rocksdb
mariadb-plugin-s3
mariadb-plugin-spider
mariadb-server (9 bugs: 0, 6, 3, 0)
mariadb-server-10.5 (2 bugs: 1, 1, 0, 0)
mariadb-server-core-10.5 (1 bugs: 0, 1, 0, 0)
mariadb-test
mariadb-test-data

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2022-27385: (needs triaging) An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.

You can find information about how to handle this issue in the security team's documentation.

35 issues that should be fixed with the next stable update:

CVE-2021-46669: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVE-2022-27376: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
CVE-2022-27377: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
CVE-2022-27378: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27379: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27380: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27381: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27382: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
CVE-2022-27383: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
CVE-2022-27384: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVE-2022-27386: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
CVE-2022-27387: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
CVE-2022-27444: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
CVE-2022-27445: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
CVE-2022-27446: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
CVE-2022-27447: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-27448: There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
CVE-2022-27449: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVE-2022-27451: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
CVE-2022-27452: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVE-2022-27455: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
CVE-2022-27456: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVE-2022-27457: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
CVE-2022-27458: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
CVE-2022-32081: MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
CVE-2022-32082: MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
CVE-2022-32083: MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVE-2022-32084: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVE-2022-32085: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVE-2022-32086: MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVE-2022-32087: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
CVE-2022-32088: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
CVE-2022-32089: MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVE-2022-32091: MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVE-2022-38791: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

Created: 2022-07-04 Last update: 2022-12-02 12:37

news

[2022-03-14] Accepted mariadb-10.5 1:10.5.15-0+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Otto Kekäläinen)
[2022-03-14] Accepted mariadb-10.5 1:10.5.13-0+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Otto Kekäläinen)
[2022-02-07] Removed 1:10.5.12-1 from unstable (Debian FTP Masters)
[2022-02-06] mariadb-10.5 REMOVED from testing (Debian testing watch)
[2021-09-18] Accepted mariadb-10.5 1:10.5.12-0+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Otto Kekäläinen)
[2021-08-16] mariadb-10.5 1:10.5.12-1 MIGRATED to testing (Debian testing watch)
[2021-08-09] Accepted mariadb-10.5 1:10.5.12-1 (source) into unstable (Otto Kekäläinen)
[2021-07-31] mariadb-10.5 1:10.5.11-1 MIGRATED to testing (Debian testing watch)
[2021-07-26] Accepted mariadb-10.5 1:10.5.11-1 (source) into unstable (Otto Kekäläinen)
[2021-07-18] Accepted mariadb-10.5 1:10.5.11-1~exp1 (source) into experimental (Otto Kekäläinen)
[2021-05-29] mariadb-10.5 1:10.5.10-2 MIGRATED to testing (Debian testing watch)
[2021-05-24] Accepted mariadb-10.5 1:10.5.10-2 (source) into unstable (Otto Kekäläinen)
[2021-05-17] Accepted mariadb-10.5 1:10.5.10-1 (source) into unstable (Otto Kekäläinen)
[2021-03-06] mariadb-10.5 1:10.5.9-1 MIGRATED to testing (Debian testing watch)
[2021-02-23] Accepted mariadb-10.5 1:10.5.9-1 (source) into unstable (Otto Kekäläinen)
[2020-11-27] mariadb-10.5 1:10.5.8-3 MIGRATED to testing (Debian testing watch)
[2020-11-23] Accepted mariadb-10.5 1:10.5.8-3 (source) into unstable (Otto Kekäläinen)
[2020-11-17] Accepted mariadb-10.5 1:10.5.8-2 (source) into unstable (Otto Kekäläinen)
[2020-11-13] Accepted mariadb-10.5 1:10.5.8-1 (source) into unstable (Otto Kekäläinen)
[2020-10-26] Accepted mariadb-10.5 1:10.5.6-2 (source) into unstable (Otto Kekäläinen)
[2020-10-15] Accepted mariadb-10.5 1:10.5.6-1 (source) into unstable (Otto Kekäläinen)
[2020-10-09] Accepted mariadb-10.5 1:10.5.5-3 (source) into unstable (Otto Kekäläinen)
[2020-10-07] Accepted mariadb-10.5 1:10.5.5-3~exp2 (source) into experimental (Otto Kekäläinen)
[2020-10-07] Accepted mariadb-10.5 1:10.5.5-3~exp1 (source) into experimental (Otto Kekäläinen)
[2020-10-06] Accepted mariadb-10.5 1:10.5.5-2 (source) into unstable (Otto Kekäläinen)
[2020-09-25] Accepted mariadb-10.5 1:10.5.5-1 (source) into unstable (Otto Kekäläinen)
[2020-09-12] Accepted mariadb-10.5 1:10.5.5-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Otto Kekäläinen)

bugs [bug history graph]

all: 3
RC: 1
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing