Thank you Sergei,

Looks like there is a release of MariaDB Galera Cluster 10.0.16 also on the way.
https://mariadb.atlassian.net/browse/MDEV/fixforversion/18101/?selectedTab=c...

I imagine this will ship shortly after MariaDB 10.0.16?

Best,
Shannon Coen

On Mon, Jan 26, 2015 at 8:44 AM, Sergei Golubchik <serg@mariadb.org> wrote:
Hi, Raina!

On Jan 23, Raina Masand wrote:
> Hello,
>
> We recently were informed of some security fixes in MySQL 5.5.41: http://www.ubuntu.com/usn/usn-2480-1/ and are wondering whether there are plans to include these in an upcoming MariaDB release. Right now, we are running 10.0.13, so we're trying to plan the next upgrade. We see that there have been similar fixes included in MariaDB 10.0.14 and 10.0.15, so this seems likely.
>
> Based on this list https://mariadb.com/kb/en/mariadb/development/security/ of CVEs, it looks like the MariaDB 10.0.15 and MariaDB 5.5.40 include the same security fixes (presumably pulled from MySQL 5.5.40). Can we expect that the fixes from MySQL 5.5.41 will be included in an upcoming MariaDB 10.0.16 release? Would appreciate any insight into the general schedule for addressing these vulnerabilities.
Yes, I have updated the Security page to include these newly announced vulnerabilities. They are fixed in MariaDB-5.5.41 and MariaDB-10.0.16.
Generally it works as follows:
* Oracle discovers or learns about a security vulnerability in MySQL
* Oracle doesn't tell anyone and secretly fixes it
* Oracle releases a new - fixed - MySQL version
* We (MariaDB) pull in MySQL changes and release a new MariaDB version - this usually takes a few days (up to a week)
* Oracle releases a CPU with a very vague description of vulnerabilities - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
* By that time a fixed MariaDB version is already released, I only need to add new CVE numbers to the Security page
So, generally, when new vulnerabilities are publicly announced, the latest MariaDB release already has them fixed. Even if the Security page doesn't say so.
Regards,
Sergei