+++ This bug was initially created as a clone of Bug #537216 +++

Creating clone to track mariadb as separate bug for clarity. As far as I'm aware there has not been any release yet fixing these issues in mariadb.
From MariaDB 10.0.16 Release Notes on https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ :
Fixes for the following security vulnerabilities:

CVE-2015-0411
CVE-2015-0382
CVE-2015-0381
CVE-2015-0432
CVE-2014-6568
CVE-2015-0374

InnoDB upgraded to 5.6.22
XtraDB upgraded to 5.6.22-71.0
TokuDB upgraded to 7.5.4
Updates to the CONNECT handler

--
I'm not sure about status for CVE-2015-{0385,0391,0409} for mysql from bug 537216 though.
mariadb-10.0.16 added to the tree. Initial testing suggests it is ready.
(In reply to Kristian Fiskerstrand from comment #1)
> From MariaDB 10.0.16 Release Notes on
> https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/ :
> Fixes for the following security vulnerabilities:
>
> CVE-2015-0411
> CVE-2015-0382
> CVE-2015-0381
> CVE-2015-0432
> CVE-2014-6568
> CVE-2015-0374
>
> InnoDB upgraded to 5.6.22
> XtraDB upgraded to 5.6.22-71.0
> TokuDB upgraded to 7.5.4
> Updates to the CONNECT handler
>
> --
> I'm not sure about status for CVE-2015-{0385,0391,0409} for mysql from bug
> 537216 though.

The MariaDB security page shows fixed versions:
CVE-2015-0391: MariaDB 5.5.39, MariaDB 10.0.13

From #maria on freenode:
9:27:29 AM - grknight: serg: is MariaDB affected by CVE-2015-{0385,0409} that Oracle announced for mysql in that last release?
9:29:09 AM - serg: grknight: 5.5.41 and 10.0.16 have all MySQL bugfixes from 5.5.41, so MariaDB isn't vulnerable
9:29:34 AM - serg: a couple of CVEs were 5.6 only and don't apply to MariaDB at all
Arches, please test and mark stable.
Target keywords:
dev-db/mariadb-10.0.16 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

@alpha and ia64: please make sure to complete bug 525296 at the same time for dev-db/mysql and virtual/mysql for best user experience. (Same vulnerabilities)
amd64 stable
x86 stable
Stable for HPPA.
sparc stable
ia64 stable
alpha stable
arm stable
ppc64 stable
ppc stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
Vulnerable versions have been removed. Security, please continue.
Added to existing GLSA request for bug 537216 (the mysql counterpart to this bug)
This issue was resolved and addressed in GLSA 201504-05 at https://security.gentoo.org/glsa/201504-05 by GLSA coordinator Yury German (BlueKnight).