[Buildroot] [PATCH 1/1] package/mariadb: security bump to version 10.3.28
Peter Korsgaard
peter at korsgaard.com
Tue Mar 30 06:18:10 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2021-27928: A remote code execution issue was discovered in
> MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18,
> and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep
> patch through 2021-03-03 for MySQL. An untrusted search path leads to
> eval injection, in which a database SUPER user can execute OS commands
> after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not
> affect an Oracle product.
> https://mariadb.com/kb/en/mariadb-10328-release-notes/
> https://mariadb.com/kb/en/mariadb-10328-changelog/
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list