GNU bug report logs

#47257 mariadb is vulnerable to CVE-2021-27928 (RCE)

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #49 received at 47257@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47257) by debbugs.gnu.org; 26 Mar 2021 01:18:45 +0000
From debbugs-submit-bounces@debbugs.gnu.org Thu Mar 25 21:18:44 2021
Received: from localhost ([127.0.0.1]:39996 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lPb7c-0000Xa-Np
	for submit@debbugs.gnu.org; Thu, 25 Mar 2021 21:18:44 -0400
Received: from world.peace.net ([64.112.178.59]:45608)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@netris.org>) id 1lPb7b-0000XO-Pl
 for 47257@debbugs.gnu.org; Thu, 25 Mar 2021 21:18:44 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@netris.org>)
 id 1lPb7V-0005Dq-Cl; Thu, 25 Mar 2021 21:18:37 -0400
From: Mark H Weaver <mhw@netris.org>
To: Léo Le Bouter <lle-bout@zaclys.net>, 47257@debbugs.gnu.org
Subject: Re: bug#47257: [PATCH v3] gnu: mariadb: Fix CVE-2021-27928.
In-Reply-To: <ebca408b79b4b828de3aca8f55a63977c6d44a42.camel@zaclys.net>
References: <20210325123921.9800-1-lle-bout@zaclys.net>
 <ebca408b79b4b828de3aca8f55a63977c6d44a42.camel@zaclys.net>
Date: Thu, 25 Mar 2021 21:16:59 -0400
Message-ID: <87blb6r9w9.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47257
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> writes:

> v3 tested and builds fine:
>
> $ ./pre-inst-env guix build mariadb
> /gnu/store/f70jymwyfcnsghy4jg8caibci59p8rgq-mariadb-10.5.8-dev
> /gnu/store/cj3qym1x1jjh02m2g23cqpbhchrbmn6c-mariadb-10.5.8-lib
> /gnu/store/mpb5bdf1vkwazqfmmwcvskdm50g191bg-mariadb-10.5.8
>
> Since we don't have PoC, I can't verify the rebased patch actually
> fixes the security issue but it should. That's what we get when
> manually rebasing stuff to earlier versions. Test suite passes but not
> sure it actually tests this security issue being fixed.
>
> Please review, then I will push, it's been 7 days so, let's get this
> in.

Looks good to me.  Please push.  Thank you!

     Mark

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 01:19:18 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.