Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 789240 - <dev-db/mariadb-{10.2.38,10.3.29,10.4.19,10.5.10}: multiple vulnerabilities (CVE-2021-{2154,2166,2180})
Summary: <dev-db/mariadb-{10.2.38,10.3.29,10.4.19,10.5.10}: multiple vulnerabilities (...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on:
Blocks: CVE-2021-2154, CVE-2021-2166, CVE-2021-2180
  Show dependency tree
 
Reported: 2021-05-09 23:32 UTC by GLSAMaker/CVETool Bot
Modified: 2021-08-10 20:59 UTC (History)
2 users (show)

See Also:
Package list:
dev-db/mariadb-10.2.38-r1 dev-db/mariadb-10.3.29-r1 dev-db/mariadb-10.4.19-r1 dev-db/mariadb-10.5.10-r1 sys-cluster/galera-26.4.8 amd64 ppc ppc64 x86
Runtime testing required: ---
nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2021-05-09 23:32:52 UTC 
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-09 23:34:47 UTC 
See tracker bug 789237.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-25 01:05:25 UTC 
x86 stable
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 09:53:39 UTC 
This issue was resolved and addressed in
 GLSA 202105-28 at https://security.gentoo.org/glsa/202105-28
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-26 09:54:32 UTC 
Re-opening for remaining architectures.
Comment 5 Sébastien P. 2021-05-26 21:02:09 UTC 
10.5.10 seems to work fine on my amd64.
Comment 6 Laszlo Valko 2021-06-08 23:21:26 UTC 
Is there any specific reason why a security fix has been marked as stable for x86 two weeks ago, and not yet for amd64?
Comment 7 Tomáš Mózes 2021-06-09 12:26:06 UTC 
Also confirming that these work for me on amd64:

dev-db/mariadb-10.2.38
dev-db/mariadb-10.3.29
dev-db/mariadb-10.4.19
dev-db/mariadb-10.5.10
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-09 21:10:09 UTC 
amd64 done
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-09 21:10:11 UTC 
arm done
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-09 21:10:13 UTC 
arm64 done
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-10 18:59:13 UTC 
(In reply to Laszlo Valko from comment #6)
> Is there any specific reason why a security fix has been marked as stable
> for x86 two weeks ago, and not yet for amd64?

Thanks for the pings (and others for letting us know it works too). The test suite for MariaDB needs manual intervention so it took some time for me to get to it as university has only just finished.
Comment 12 Tomáš Mózes 2021-06-10 19:44:04 UTC 
(In reply to Sam James from comment #11)
> (In reply to Laszlo Valko from comment #6)
> > Is there any specific reason why a security fix has been marked as stable
> > for x86 two weeks ago, and not yet for amd64?
> 
> Thanks for the pings (and others for letting us know it works too). The test
> suite for MariaDB needs manual intervention so it took some time for me to
> get to it as university has only just finished.

Thank you Sam.
Comment 13 NATTkA bot gentoo-dev 2021-06-24 23:28:28 UTC Comment hidden (obsolete)
Comment 14 Agostino Sarubbo gentoo-dev 2021-07-31 13:05:01 UTC 
ppc64 stable
Comment 15 NATTkA bot gentoo-dev 2021-08-10 16:32:32 UTC 
Unable to check for sanity:

> no match for package: dev-db/mariadb-10.2.38-r1
Comment 16 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-10 20:59:49 UTC 
Last arch stabled, cleanup done, all done \o/