CVE-2022-47015 (https://github.com/MariaDB/server/commit/be0a46b3d52b58956fd0d47d040b9f4514406954): MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. The CVE references a commit that Github says isn't in the repository, but there is another commit with a similar summary: https://github.com/MariaDB/server/commit/1e16921d77955e67e8a2e25b62523f526d29c2ed Either way, not in any tag so not sure it's in any release.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a6989ff9a6c9f4e650adf8d7825b5ae89f104ae commit 3a6989ff9a6c9f4e650adf8d7825b5ae89f104ae Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2023-06-02 17:25:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-06-03 02:07:21 +0000 dev-db/mariadb: add 10.4.29, 10.5.20, 10.6.13, 10.11.3 Bug: https://bugs.gentoo.org/891781 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/31276 Signed-off-by: Sam James <sam@gentoo.org> dev-db/mariadb/Manifest | 6 + dev-db/mariadb/mariadb-10.11.3.ebuild | 1319 ++++++++++++++++++++++++++++++++ dev-db/mariadb/mariadb-10.4.29.ebuild | 1312 ++++++++++++++++++++++++++++++++ dev-db/mariadb/mariadb-10.5.20.ebuild | 1319 ++++++++++++++++++++++++++++++++ dev-db/mariadb/mariadb-10.6.13.ebuild | 1329 +++++++++++++++++++++++++++++++++ 5 files changed, 5285 insertions(+)
