#47257 - mariadb is vulnerable to CVE-2021-27928 (RCE)

Package	Source(s)		Maintainer(s)
guix		PTS Buildd Popcon

Message #22 received at 47257@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47257) by debbugs.gnu.org; 19 Mar 2021 11:40:55 +0000
From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 19 07:40:55 2021
Received: from localhost ([127.0.0.1]:48955 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lNDUt-0004kd-66
	for submit@debbugs.gnu.org; Fri, 19 Mar 2021 07:40:55 -0400
Received: from mail-wm1-f48.google.com ([209.85.128.48]:40768)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@gmail.com>) id 1lNDUo-0004kJ-Sw
 for 47257@debbugs.gnu.org; Fri, 19 Mar 2021 07:40:54 -0400
Received: by mail-wm1-f48.google.com with SMTP id
 y124-20020a1c32820000b029010c93864955so7138852wmy.5
 for <47257@debbugs.gnu.org>; Fri, 19 Mar 2021 04:40:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:subject:in-reply-to:references:date:message-id:mime-version
 :content-transfer-encoding;
 bh=rV7gS82r3f5ofvDazkQk6Yt1PSYrmKiG3P+kbQyxl1U=;
 b=W0gPYEjfttgdfeE8bolal4b8t0iSaYlprgu7xDiqKRw7AVxYEntVvFqdoZlxqb6pty
 xV7HER0aOxXw8XPCrarAdxjamELUqdhkwcLjLIVW9WzxP+2QPQTclizwLh9GxT1wxPOx
 mUBKZX65JT76QAElLFdvZgAxDOiTOpgF8A8VDQFtDW+IhIluV6DEQFdGY9sQNuYJ1JUz
 adD4R7fG5gBLyPHS71RmjpKEf+AJJeKyoyIJVwd6RgnZ95hSrM+oYcRGMmPGSMVyFlQX
 WHGuxe45yMYq2Tjko2TG5zjJ0L6bwZ6owFSLW6T9p+ekL7VwnZxbR4C3Dkm6LhcFYkDc
 wwVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:in-reply-to:references:date
 :message-id:mime-version:content-transfer-encoding;
 bh=rV7gS82r3f5ofvDazkQk6Yt1PSYrmKiG3P+kbQyxl1U=;
 b=mtc0a+4VhcCstp+HCly70PXHQ2Vnf+E2T+/tsEEH3VkpVMtie6Fmi8wunvBJjJTPvf
 F3ZsSJxsUB1g3NdnkEuMO+CNkhSM/I/l8dt4HOH15lYxP0x4c2uJUD1+GFGP9XbUnfGB
 C7uSf4BMsY3hr+4OdtlpgtHvZCjuNaZvJccGmvuNTTw5cn1096K8256q6A0OSKteiN/D
 jYU+6Wg/IQiWBYCxB1v4Z99Aej66A7+IgtkFYNDBcxl1ATTGWMn+sJPPyIfeb8tUL9vu
 W9cc9o/hYPHbQp/edOdjZyqYy8lrIUkKtw9alThOj5qmowXCoILbtcTra/Q803kW68OK
 HrRg==
X-Gm-Message-State: AOAM530g26NTJRmZhqSF+0tPbV0Ll5jrvAUCykzA1ebLajf51ZT6vbGm
 B8Ghml9SjdaTqyL5gvsDPaq8Xcr7Bto=
X-Google-Smtp-Source: ABdhPJyxfuGuNryxMvV0XM6J7KDjkQtzv5LU9mx/wUfI3MfDE4LTgG7eHZME+KgkEbJ/nikUCzRTwA==
X-Received: by 2002:a1c:2016:: with SMTP id g22mr3329079wmg.137.1616154045089; 
 Fri, 19 Mar 2021 04:40:45 -0700 (PDT)
Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e])
 by smtp.gmail.com with ESMTPSA id 18sm5865928wmj.21.2021.03.19.04.40.44
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 19 Mar 2021 04:40:44 -0700 (PDT)
From: zimoun <zimon.toutoune@gmail.com>
To: Léo Le Bouter <lle-bout@zaclys.net>, 47257@debbugs.gnu.org
Subject: Re: bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)
In-Reply-To: <7d6d60c61fc372f62125ef5a36bc22956db5907e.camel@zaclys.net>
References: <7d6d60c61fc372f62125ef5a36bc22956db5907e.camel@zaclys.net>
Date: Fri, 19 Mar 2021 12:35:11 +0100
Message-ID: <86r1kbl6kw.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47257
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

On Fri, 19 Mar 2021 at 11:25, Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> wrote:

> Is it possible to graft mariadb you think? I am thinking this issue
> doesnt need updating of the "lib" output which is what's causing the
> high number of dependents AIUI. I am not sure we could actually update
> individual outputs right now though. Might be a good idea to split the
> packages for the future.

Instead of grafting, I would fix first check the compatibility between
mariadb  and zstd.  Because mariadb@10.5.8 does not build with
zstd@1.4.9, at least on my machine.

Other said, I seem better to do this fix as a whole on core-updates
without any graft.  Instead of grafting here and there; and not
necessary small changes (zstd from 1.4.4 to 1.4.9, mariadb from 10.5.8
to 10.5.8).

All the best,
simon

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 01:32:59 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#47257 mariadb is vulnerable to CVE-2021-27928 (RCE)