+++ This bug was initially created as a clone of Bug #606254 +++ http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL It will follow an update for mariadb too.
Here are the upstream changelogs: https://mariadb.com/kb/en/mariadb/mariadb-10029-release-notes/ https://mariadb.com/kb/en/mariadb/mariadb-10121-release-notes/ They list the following CVEs: CVE-2016-6664,CVE-2017-3238,CVE-2017-3243,CVE-2017-3244,CVE-2017-3257,CVE-2017-3258,CVE-2017-3265,CVE-2017-3291,CVE-2017-3312,CVE-2017-3317,CVE-2017-3318 Fixed versions are 10.0.29 and 10.1.21. 10.0.29 is already in portage.
10.1.x branch has never been stabilized. @maintainer(s), ready to stabilize?
@ Arches, please test and mark stable. The test suite should pass following the official instructions. Local timeouts may be expected on resource starved machines. (each test thread can spawn up to 4 server instances) Target keywords: =dev-db/mariadb-10.0.29 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 # Official test instructions: # USE='embedded extraengine perl server openssl static-libs' \ # FEATURES='test userpriv -usersandbox' \ # ebuild mariadb-10.0.29.ebuild \ # digest clean package # Parallel testing is enabled, auto will try to detect number of cores # You may set this by hand. # The default maximum is 8 unless MTR_MAX_PARALLEL is increased export MTR_PARALLEL="${MTR_PARALLEL:-auto}"
amd64 stable
x86 stable
Stable on alpha.
Stable for PPC64.
Stable for HPPA.
ppc stable
Added to existing GLSA.
arm stable
sparc stable
ia64 stable. Maintainer(s), please cleanup.
Cleanup complete
This issue was resolved and addressed in GLSA 201702-18 at https://security.gentoo.org/glsa/201702-18 by GLSA coordinator Thomas Deutschmann (whissi).