https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
10.6 / 10.11 vulnerable
https://mariadb.com/kb/en/mariadb-10-6-16-release-notes/ https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/
"Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. "
Apparently affects mysql too, moving CVE to a tracker.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=928db5c7c38aeffca38c5105864e2fcb67cda315 commit 928db5c7c38aeffca38c5105864e2fcb67cda315 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2024-01-11 15:03:33 +0000 Commit: Petr Vaněk <arkamar@gentoo.org> CommitDate: 2024-01-30 18:45:57 +0000 dev-db/mariadb: add 10.6.16, 10.11.6 Bug: https://bugs.gentoo.org/917515 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/33876 Signed-off-by: Petr Vaněk <arkamar@gentoo.org> dev-db/mariadb/Manifest | 4 + dev-db/mariadb/mariadb-10.11.6.ebuild | 1318 ++++++++++++++++++++++++++++++++ dev-db/mariadb/mariadb-10.6.16.ebuild | 1329 +++++++++++++++++++++++++++++++++ 3 files changed, 2651 insertions(+)
I've moved this bug back to "stable?" since only amd64 and x86 were dealt with in the stable bug and arm, arm64, ppc, ppc64 still remain to be done.
