CVE-2022-32081 (https://jira.mariadb.org/browse/MDEV-26420): MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. CVE-2022-32082 (https://jira.mariadb.org/browse/MDEV-26433): MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. CVE-2022-32084 (https://jira.mariadb.org/browse/MDEV-26427): MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. CVE-2022-32088 (https://jira.mariadb.org/browse/MDEV-26419): MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. All "unresolved" according to Jira.
CVE-2022-38791 (https://jira.mariadb.org/browse/MDEV-28719): In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. Looks like this is fixed in 10.3.36, 10.4.26, 10.5.17, 10.6.9 according to the jira ticket
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89624d763af7d3357979d432e9ac5f1dc79ccea1 commit 89624d763af7d3357979d432e9ac5f1dc79ccea1 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2022-10-21 14:21:53 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-10-28 12:21:08 +0000 dev-db/mariadb: add 10.3.36/10.4.26/10.5.17/10.6.10 Bug: https://bugs.gentoo.org/856484 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/27877 Signed-off-by: Sam James <sam@gentoo.org> dev-db/mariadb/Manifest | 8 + dev-db/mariadb/mariadb-10.3.36.ebuild | 1287 ++++++++++++++++++++++++++++++++ dev-db/mariadb/mariadb-10.4.26.ebuild | 1308 ++++++++++++++++++++++++++++++++ dev-db/mariadb/mariadb-10.5.17.ebuild | 1315 ++++++++++++++++++++++++++++++++ dev-db/mariadb/mariadb-10.6.10.ebuild | 1319 +++++++++++++++++++++++++++++++++ 5 files changed, 5237 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=239a967711dd12b03af74eca33a8133ee36ba978 commit 239a967711dd12b03af74eca33a8133ee36ba978 Author: Tomas Mozes <hydrapolic@gmail.com> AuthorDate: 2022-12-09 19:14:27 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-14 03:52:13 +0000 dev-db/mariadb: remove vulnerable and eol Bug: https://bugs.gentoo.org/856484 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> dev-db/mariadb/Manifest | 10 - dev-db/mariadb/mariadb-10.2.44.ebuild | 1294 ------------------------------ dev-db/mariadb/mariadb-10.3.35.ebuild | 1286 ------------------------------ dev-db/mariadb/mariadb-10.4.25.ebuild | 1307 ------------------------------ dev-db/mariadb/mariadb-10.5.16.ebuild | 1314 ------------------------------ dev-db/mariadb/mariadb-10.6.8-r1.ebuild | 1320 ------------------------------- dev-db/mariadb/metadata.xml | 1 - 7 files changed, 6532 deletions(-)
CVE-2023-5157: A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. Fixes in 10.8.4, 10.7.5, 10.6.9, 10.5.17, and 10.4.26 according to https://mariadb.com/kb/en/security/.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=b69f175bb86c550d8cad22e4c391edbf3ccd7c16 commit b69f175bb86c550d8cad22e4c391edbf3ccd7c16 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-08 08:40:00 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-08 08:40:18 +0000 [ GLSA 202405-25 ] MariaDB: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/699874 Bug: https://bugs.gentoo.org/822759 Bug: https://bugs.gentoo.org/832490 Bug: https://bugs.gentoo.org/838244 Bug: https://bugs.gentoo.org/847526 Bug: https://bugs.gentoo.org/856484 Bug: https://bugs.gentoo.org/891781 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-25.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+)