GNU bug report logs - #47257
mariadb is vulnerable to CVE-2021-27928 (RCE)

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Fri, 19 Mar 2021 10:26:02 UTC

Severity: normal

Tags: security

Done: Léo Le Bouter <lle-bout <at> zaclys.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Léo Le Bouter <lle-bout <at> zaclys.net>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: 47257 <at> debbugs.gnu.org
Subject: bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)
Date: Tue, 30 Mar 2021 02:26:30 +0200

[Message part 1 (text/plain, inline)]
Hello!

Simon,

I pushed 00c67375b17f4a4cfad53399d1918f2e7eba2c7d to core-updates. Your
patch. Thank you for it. Let's watch for upstream zstd fix also.

I pushed 9feef62b73e284e106717a386624d6da90750a3d to master.

Ubuntu released a patch in the mean time, so while we couldnt make such
patch in a timely manner because the backport was non-trivial and
security-sensitive also didnt want to risk failing to fix the flaw
because I don't have much expertise on it, Ubuntu now has done that
work and we can just use it.

Léo

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 4 years and 51 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.