* SECURITY UPDATE: New upstream version 10.3.39 includes fixes for the
following security vulnerabilities (LP: #2045452):
- CVE-2022-47015
* Add patch to revert upstream libmariadb API change (Debian Bug#1031773)
* Make SysV init script explicit on its dependencies (Debian Bug#1035949)
* Both of the changes above was included in the MariaDB Server version
1:10.3.39-0+deb10u1 in Deban Buster without any reported regressions
since June 2023 and are thus safe and appropriate to include in Ubuntu
20.04 (Focal) as well
* Include extra patch for CVE-2023-22084: A vulnerability allowed high
privileged attacker with network access via multiple protocols to compromise
the server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) the server (Debian Bug#1055034)
* According to https://mariadb.org/about/#maintenance-policy this
was the last minor maintenance release for MariaDB 10.3 series
-- Otto Kekäläinen <email address hidden> Sat, 02 Dec 2023 00:23:50 -0800
This bug was fixed in the package mariadb-10.3 - 1:10.3. 39-0ubuntu0. 20.04.2
--------------- 39-0ubuntu0. 20.04.2) focal-security; urgency=medium
mariadb-10.3 (1:10.3.
* SECURITY UPDATE: New upstream version 10.3.39 includes fixes for the 3.39-0+ deb10u1 in Deban Buster without any reported regressions /mariadb. org/about/ #maintenance- policy this
following security vulnerabilities (LP: #2045452):
- CVE-2022-47015
* Add patch to revert upstream libmariadb API change (Debian Bug#1031773)
* Make SysV init script explicit on its dependencies (Debian Bug#1035949)
* Both of the changes above was included in the MariaDB Server version
1:10.
since June 2023 and are thus safe and appropriate to include in Ubuntu
20.04 (Focal) as well
* Include extra patch for CVE-2023-22084: A vulnerability allowed high
privileged attacker with network access via multiple protocols to compromise
the server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) the server (Debian Bug#1055034)
* According to https:/
was the last minor maintenance release for MariaDB 10.3 series
-- Otto Kekäläinen <email address hidden> Sat, 02 Dec 2023 00:23:50 -0800