[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE)
From: |
zimoun |
Subject: |
bug#47257: mariadb is vulnerable to CVE-2021-27928 (RCE) |
Date: |
Tue, 30 Mar 2021 10:29:20 +0200 |
Hi Léo,
On Tue, 30 Mar 2021 at 02:26, Léo Le Bouter <lle-bout@zaclys.net> wrote:
> I pushed 00c67375b17f4a4cfad53399d1918f2e7eba2c7d to core-updates. Your
> patch. Thank you for it. Let's watch for upstream zstd fix also.
Thanks. It mitigates zstd, even if it does not solve MariaDB. One
foot, then another. :-)
> I pushed 9feef62b73e284e106717a386624d6da90750a3d to master.
Cool! LTGM.
> Ubuntu released a patch in the mean time, so while we couldnt make such
> patch in a timely manner because the backport was non-trivial and
> security-sensitive also didnt want to risk failing to fix the flaw
> because I don't have much expertise on it, Ubuntu now has done that
> work and we can just use it.
Thanks for taking care. And do not consider my concerns as a slowdown
but instead as a way to reach something better. For instance
9feef62b73 seems The Right Thing (AFAIU), whereas 6f873731a0 and
2bcfb944bd are not (AFAIK). On one hand, I agree that ~3 weeks
appears long through the lens of security vulnerabilities. On the
other hand, it is usually worth to take the time; as here. :-)
Examine the various options and so the best move always takes time.
Well, thanks for pushing forward with security.
All the best,
simon
bug#47257: [PATCH v2] gnu: mariadb: Fix CVE-2021-27928., Léo Le Bouter, 2021/03/25
bug#47257: [PATCH v3] gnu: mariadb: Fix CVE-2021-27928., Léo Le Bouter, 2021/03/25