GNU bug report logs - #47257
mariadb is vulnerable to CVE-2021-27928 (RCE)

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Fri, 19 Mar 2021 10:26:02 UTC

Severity: normal

Tags: security

Done: Léo Le Bouter <lle-bout <at> zaclys.net>

Bug is archived. No further changes may be made.

Full log

Message #22 received at 47257 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Léo Le Bouter <lle-bout <at> zaclys.net>, 47257 <at> debbugs.gnu.org
Subject: Re: bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)
Date: Fri, 19 Mar 2021 12:35:11 +0100

Hi,

On Fri, 19 Mar 2021 at 11:25, Léo Le Bouter via Bug reports for GNU Guix <bug-guix <at> gnu.org> wrote:

> Is it possible to graft mariadb you think? I am thinking this issue
> doesnt need updating of the "lib" output which is what's causing the
> high number of dependents AIUI. I am not sure we could actually update
> individual outputs right now though. Might be a good idea to split the
> packages for the future.

Instead of grafting, I would fix first check the compatibility between
mariadb  and zstd.  Because mariadb <at> 10.5.8 does not build with
zstd <at> 1.4.9, at least on my machine.

Other said, I seem better to do this fix as a whole on core-updates
without any graft.  Instead of grafting here and there; and not
necessary small changes (zstd from 1.4.4 to 1.4.9, mariadb from 10.5.8
to 10.5.8).

All the best,
simon

This bug report was last modified 4 years and 50 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47257 mariadb is vulnerable to CVE-2021-27928 (RCE)

GNU bug report logs - #47257
mariadb is vulnerable to CVE-2021-27928 (RCE)