maria-discuss team mailing list archive

Thread
Date

Inclusion of Mysql security fixes in MariaDB

To: maria-discuss@xxxxxxxxxxxxxxxxxxx
From: Raina Masand <cf-core-services-eng@xxxxxxxxxx>
Date: Fri, 23 Jan 2015 11:58:36 -0800

Hello,

We recently were informed of some security fixes in Mysql 5.5.41:
http://www.ubuntu.com/usn/usn-2480-1/ and are wondering whether there are
plans to include these in an upcoming MariaDB release.  Right now, we are
running 10.0.13, so we're trying to plan the next upgrade. We see that
there have been similar fixes included in MariaDB 10.0.14 and 10.0.15, so
this seems likely.

Based on this https://mariadb.com/kb/en/mariadb/development/security/ list
of CVE's, it looks like the MariaDB 10.0.15 and MariaDB 5.5.40 include the
same security fixes (presumably pulled from Mysql 5.5.40). Can we expect
that the fixes from Mysql 5.5.41 will be included in an upcoming MariaDB
10.0.16 release? Would appreciate any insight into the general schedule for
addressing these vulnerabilities.

Thanks!

Raina Masand and Lyle Franklin
Cloud Foundry Core Services Team

Follow ups

Re: Inclusion of Mysql security fixes in MariaDB
From: Sergei Golubchik, 2015-01-26