[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)
From: |
zimoun |
Subject: |
bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE) |
Date: |
Fri, 19 Mar 2021 12:35:11 +0100 |
Hi,
On Fri, 19 Mar 2021 at 11:25, Léo Le Bouter via Bug reports for GNU Guix
<bug-guix@gnu.org> wrote:
> Is it possible to graft mariadb you think? I am thinking this issue
> doesnt need updating of the "lib" output which is what's causing the
> high number of dependents AIUI. I am not sure we could actually update
> individual outputs right now though. Might be a good idea to split the
> packages for the future.
Instead of grafting, I would fix first check the compatibility between
mariadb and zstd. Because mariadb@10.5.8 does not build with
zstd@1.4.9, at least on my machine.
Other said, I seem better to do this fix as a whole on core-updates
without any graft. Instead of grafting here and there; and not
necessary small changes (zstd from 1.4.4 to 1.4.9, mariadb from 10.5.8
to 10.5.8).
All the best,
simon
bug#47257: [PATCH v2] gnu: mariadb: Fix CVE-2021-27928., Léo Le Bouter, 2021/03/25
bug#47257: [PATCH v3] gnu: mariadb: Fix CVE-2021-27928., Léo Le Bouter, 2021/03/25