Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 722782 - <dev-db/mariadb-{5.5.68,10.1.45,10.2.32,10.3.23,10.4.13}: Multiple vulnerabilities (CVE-2020-{2752,2760,2812,2814})
Summary: <dev-db/mariadb-{5.5.68,10.1.45,10.2.32,10.3.23,10.4.13}: Multiple vulnerabil...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on: 774096
Blocks: 699874 CVE-2020-2752, CVE-2020-2760, CVE-2020-2812, CVE-2020-2814
  Show dependency tree
 
Reported: 2020-05-13 02:26 UTC by Sam James
Modified: 2021-09-25 13:55 UTC (History)
2 users (show)

See Also:
Package list:
dev-db/mariadb-10.2.32-r3 amd64 x86 arm arm64 ppc ppc64 dev-db/mariadb-10.3.23-r3 amd64 x86 arm arm64 ppc ppc64 dev-db/mariadb-10.4.13-r3 amd64 x86 arm arm64 ppc ppc64 sys-cluster/galera-26.4.6 amd64 x86 ppc ppc64
Runtime testing required: ---
nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-13 02:41:20 UTC 
@maintainer(s), please bump
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-20 03:57:03 UTC 
@amd64, @arm, @ppc, @ppc64, @x86: ping.

arm64 soon.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2020-06-20 13:50:38 UTC 
x86 stable
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-06-29 16:04:08 UTC 
amd64 stable
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-09 23:11:39 UTC 
arm64 stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-17 00:05:58 UTC 
arm, ppc64, ppc: ping
Comment 8 Larry the Git Cow gentoo-dev 2020-07-26 00:11:12 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e63e4e86be43e95d2c4b9405c8e5f8d35a306772

commit e63e4e86be43e95d2c4b9405c8e5f8d35a306772
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-07-25 23:49:58 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-07-25 23:49:58 +0000

    dev-db/mariadb: partial security cleanup
    
    Bug: https://bugs.gentoo.org/722782
    Package-Manager: Portage-3.0.0, Repoman-2.3.23
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-db/mariadb/Manifest                  |   11 -
 dev-db/mariadb/mariadb-10.1.38-r1.ebuild |    2 +-
 dev-db/mariadb/mariadb-10.1.43.ebuild    |    2 +-
 dev-db/mariadb/mariadb-10.1.44-r1.ebuild |  950 ---------------------------
 dev-db/mariadb/mariadb-10.2.22-r1.ebuild |    2 +-
 dev-db/mariadb/mariadb-10.2.29.ebuild    |    2 +-
 dev-db/mariadb/mariadb-10.2.31-r1.ebuild | 1029 -----------------------------
 dev-db/mariadb/mariadb-10.3.20.ebuild    |  985 ---------------------------
 dev-db/mariadb/mariadb-10.3.22-r1.ebuild | 1032 -----------------------------
 dev-db/mariadb/mariadb-10.4.10.ebuild    | 1015 ----------------------------
 dev-db/mariadb/mariadb-10.4.12.ebuild    | 1059 ------------------------------
 dev-db/mariadb/mariadb-5.5.66.ebuild     |  835 -----------------------
 dev-db/mariadb/mariadb-5.5.67.ebuild     |  835 -----------------------
 13 files changed, 4 insertions(+), 7755 deletions(-)
Comment 9 NATTkA bot gentoo-dev 2020-07-26 00:13:07 UTC Comment hidden (obsolete)
Comment 10 NATTkA bot gentoo-dev 2020-08-06 10:00:42 UTC Comment hidden (obsolete)
Comment 11 NATTkA bot gentoo-dev 2020-08-06 10:08:52 UTC Comment hidden (obsolete)
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-08-07 12:13:43 UTC 
arm done
Comment 13 NATTkA bot gentoo-dev 2020-09-11 10:10:41 UTC Comment hidden (obsolete)
Comment 14 NATTkA bot gentoo-dev 2020-10-07 22:33:02 UTC Comment hidden (obsolete)
Comment 15 NATTkA bot gentoo-dev 2020-10-07 22:37:17 UTC Comment hidden (obsolete)
Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev 2020-11-14 19:31:36 UTC 
ppc64 stable
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2020-12-07 00:39:54 UTC 
This issue was resolved and addressed in
 GLSA 202012-08 at https://security.gentoo.org/glsa/202012-08
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 18 Thomas Deutschmann (RETIRED) gentoo-dev 2020-12-07 00:40:21 UTC 
Re-opening for remaining architectures.
Comment 19 NATTkA bot gentoo-dev 2021-01-22 02:21:07 UTC Comment hidden (obsolete)
Comment 20 NATTkA bot gentoo-dev 2021-01-22 14:57:00 UTC Comment hidden (obsolete)
Comment 21 NATTkA bot gentoo-dev 2021-05-09 14:04:35 UTC Comment hidden (obsolete)
Comment 22 Andreas Sturmlechner gentoo-dev 2021-05-09 23:38:15 UTC 
what about ppc?
Comment 23 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-10 00:45:27 UTC 
Stabilization superseded by bug 774096.
Comment 24 NATTkA bot gentoo-dev 2021-06-24 23:28:40 UTC Comment hidden (obsolete)
Comment 25 NATTkA bot gentoo-dev 2021-06-24 23:36:46 UTC Comment hidden (obsolete)
Comment 26 NATTkA bot gentoo-dev 2021-06-24 23:40:36 UTC 
Unable to check for sanity:

> no match for package: dev-db/mariadb-10.2.32-r3
Comment 27 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-25 13:55:54 UTC 
GLSA done, cleanup done.