maria-discuss team mailing list archive

Fwd: CVE list for connectors

Hello,

On this page: https://mariadb.com/kb/en/library/security/
I can find CVEs that affect MariaDB server and releases they were fixed in.

Another useful page is this one:
https://mariadb.com/kb/en/library/security-vulnerabilities-in-oracle-mysql-that-did-not-exist-in-mariadb/

--

I'd like to ask you to also list CVEs applicable for connectors and the
versions of connectors (CONC, CONJ, ODBC) they were fixed in, since there
is no direct relationship between:
 1) server and CONC
 2) ODBC and CONC
The server is (or at least should be) built on top of a released version of
the CONC, not the latest Git content. At least downstreams start to use this
scheme (separate server and client library - the CONC), so they depend only
on the released versions of the CONC.

--

For example, CVE-2018-3081 should be fixed in CONC 3.0.5; however, since neither
the git commit nor the CONC release notes say it explicitly, I can only guess.

--

Michal Schorm
Associate Software Engineer
Core Services - Databases Team
Red Hat