[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)
From: |
Léo Le Bouter |
Subject: |
bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE) |
Date: |
Thu, 25 Mar 2021 12:28:15 +0100 |
User-agent: |
Evolution 3.34.2 |
On Fri, 2021-03-19 at 12:35 +0100, zimoun wrote:
> Instead of grafting, I would fix first check the compatibility
> between
> mariadb and zstd. Because mariadb@10.5.8 does not build with
> zstd@1.4.9, at least on my machine.
Can you post build logs and repro scenario? mariadb@10.5.8 built fine
for me on core-updates which has zstd@1.4.9.
> Other said, I seem better to do this fix as a whole on core-updates
> without any graft. Instead of grafting here and there; and not
> necessary small changes (zstd from 1.4.4 to 1.4.9, mariadb from
> 10.5.8
> to 10.5.8).
We can't patch security issues through core-updates, especially this
RCE.
> All the best,
> simon
signature.asc
Description: This is a digitally signed message part
bug#47257: [PATCH v2] gnu: mariadb: Fix CVE-2021-27928., Léo Le Bouter, 2021/03/25
bug#47257: [PATCH v3] gnu: mariadb: Fix CVE-2021-27928., Léo Le Bouter, 2021/03/25