Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 679024 (CVE-2019-2510, CVE-2019-2529, CVE-2019-2537) - <dev-db/mariadb-{10.0.38,10.1.38-r1,10.2.22,10.3.13}, <dev-db/mariadb-galera-10.0.38: Multiple vulnerabilities (CVE-2019-2510, CVE-2019-2529, CVE-2019-2537)
Summary: <dev-db/mariadb-{10.0.38,10.1.38-r1,10.2.22,10.3.13}, <dev-db/mariadb-galera-...
Status: RESOLVED FIXED
Alias: CVE-2019-2510, CVE-2019-2529, CVE-2019-2537
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-02-28 02:05 UTC by Arfrever Frehtes Taifersar Arahesis
Modified: 2019-08-18 02:30 UTC (History)
2 users (show)

See Also:
Package list:
dev-db/mariadb-10.1.38-r1
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arfrever Frehtes Taifersar Arahesis 2019-02-28 02:05:09 UTC
dev-db/mariadb-5.5.63
  https://mariadb.com/kb/en/library/mariadb-5563-release-notes/
    CVE-2019-2529
  Already in the tree, 5.5.* series not stable


dev-db/mariadb-10.0.38
  https://mariadb.com/kb/en/library/mariadb-10038-release-notes/
    CVE-2019-2529
    CVE-2019-2537
  Already in the tree, probably ready for stabilization


dev-db/mariadb-10.1.38
  https://mariadb.com/kb/en/library/mariadb-10138-release-notes/
    CVE-2019-2529
    CVE-2019-2537
  Already in the tree, probably ready for stabilization


dev-db/mariadb-10.2.22
  https://mariadb.com/kb/en/library/mariadb-10222-release-notes/
    CVE-2019-2510
    CVE-2019-2537
  Already in the tree, 10.2.* series not yet stable


dev-db/mariadb-10.3.13
  https://mariadb.com/kb/en/library/mariadb-10313-release-notes/
    CVE-2019-2510
    CVE-2019-2537
  Not yet in the tree, 10.3.* series not yet stable


dev-db/mariadb-galera-10.0.38
  https://mariadb.com/kb/en/library/mariadb-galera-cluster-10038-release-notes/
    CVE-2019-2529
    CVE-2019-2537
  Not yet in the tree, no stable version
Comment 1 Tomáš Mózes 2019-03-08 08:15:11 UTC
mariadb-10.1.38-r1 with mysql-init-scripts-2.3 on both, regular servers and galera clusters seems to work fine.
Comment 2 Arfrever Frehtes Taifersar Arahesis 2019-03-10 02:02:41 UTC
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a68e22e288d280fd26ed09a3caf70a3fa7047d5

commit 8a68e22e288d280fd26ed09a3caf70a3fa7047d5
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2019-03-08 17:46:48 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2019-03-08 17:46:48 +0000

    dev-db/mariadb: Version bump for 10.3.13
    
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Brian Evans <grknight@gentoo.org>
Comment 3 Larry the Git Cow gentoo-dev 2019-03-10 04:20:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37dfb9ddf1119b3f07fc80afc52adaf36dc2c878

commit 37dfb9ddf1119b3f07fc80afc52adaf36dc2c878
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2019-03-10 04:19:32 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2019-03-10 04:19:32 +0000

    dev-db/mariadb-galera: Version bump for 10.0.38
    
    Bug: https://bugs.gentoo.org/679024
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-db/mariadb-galera/Manifest                     |   2 +
 .../mariadb-galera/mariadb-galera-10.0.38.ebuild   | 859 +++++++++++++++++++++
 2 files changed, 861 insertions(+)
Comment 4 Brian Evans Gentoo Infrastructure gentoo-dev 2019-03-22 19:09:03 UTC
Arches, please test and mark stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-03-22 21:29:31 UTC
amd64 stable
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-03-25 21:20:04 UTC
arm stable
Comment 7 Thomas Deutschmann gentoo-dev Security 2019-03-27 23:21:34 UTC
x86 stable
Comment 8 Thomas Deutschmann gentoo-dev Security 2019-03-27 23:46:28 UTC
x86 stable
Comment 9 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-04-02 12:13:27 UTC
alpha stable
Comment 10 Brian Evans Gentoo Infrastructure gentoo-dev 2019-05-15 13:30:29 UTC
dev-db/mariadb-10.0.38 removed from stable list as 10.0 is obsolete and due to
be removed
Comment 11 Agostino Sarubbo gentoo-dev 2019-06-05 07:14:33 UTC
ppc stable
Comment 12 Agostino Sarubbo gentoo-dev 2019-06-05 07:28:29 UTC
ia64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2019-07-02 10:40:50 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 14 Larry the Git Cow gentoo-dev 2019-07-02 12:27:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f3c8590c1c8bb857c79d1b06c638aed58c64b92

commit 6f3c8590c1c8bb857c79d1b06c638aed58c64b92
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2019-07-02 12:27:37 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2019-07-02 12:27:37 +0000

    dev-db/mariadb: Clean up old and vulnerable versions
    
    Bug: https://bugs.gentoo.org/679024
    Bug: https://bugs.gentoo.org/670388
    Package-Manager: Portage-2.3.68, Repoman-2.3.16
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-db/mariadb/Manifest               |   7 -
 dev-db/mariadb/mariadb-10.1.34.ebuild | 887 -------------------------------
 dev-db/mariadb/mariadb-10.1.37.ebuild | 887 -------------------------------
 dev-db/mariadb/mariadb-10.2.24.ebuild | 972 ---------------------------------
 dev-db/mariadb/mariadb-10.3.13.ebuild | 973 ---------------------------------
 dev-db/mariadb/mariadb-10.3.15.ebuild | 974 ----------------------------------
 dev-db/mariadb/mariadb-5.5.63.ebuild  | 831 -----------------------------
 7 files changed, 5531 deletions(-)
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2019-08-18 02:30:06 UTC
This issue was resolved and addressed in
 GLSA 201908-24 at https://security.gentoo.org/glsa/201908-24
by GLSA coordinator Aaron Bauman (b-man).