← Back to team overview

maria-developers team mailing list archive

Re: Several CVE's in Oracle MySQL, is MariaDB vulnerable?


Hi, Daniel!

On Oct 24, Daniel Black wrote:
> > Hello everyone,
> > Sorry when I am on the wrong mailinglist. I wanted to submit a
> > bugreport or issue for this but I can't signup for your JIRA because
> > of license reasons.
> Keen to know which conditions where a problem. May affect other people.

I've just found out. It turned out that we're run out of accounts (our
Jira license has a limit on that). I've deactivated accounts that were
created during our launchpad->jira migration (they weren't real users
anyway), so registration should work again for a while.

Meanwhile we'll fix the license.

> > I am from the Archlinux-Security Team and want to ask if mariadb in the actual
> > version is vulnerable to the following CVEs:
> > 
> > CVE-2015-4913 CVE-2015-4910 CVE-2015-4905 CVE-2015-4904 CVE-2015-4895
> > CVE-2015-4890 CVE-2015-4879 CVE-2015-4870 CVE-2015-4862 CVE-2015-4864
> > CVE-2015-4861 CVE-2015-4858 CVE-2015-4836 CVE-2015-4833 CVE-2015-4830
> > CVE-2015-4826 CVE-2015-4819 CVE-2015-4815 CVE-2015-4807 CVE-2015-4802
> > CVE-2015-4800 CVE-2015-4792 CVE-2015-4791 CVE-2015-4766
> > 
> > I hope you can help me.
> Of course, listed here:
> https://mariadb.com/kb/en/mariadb/security/

I've just added them after this Archlinux email :)

Oracle has released a new critical patch update - so these CVEs were
made public very recently.


Follow ups