#21669 closed enhancement (fixed)
mariadb-11.4.7
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point release
Notes for 11.4.6 can be found here: https://mariadb.com/kb/en/mariadb-11-4-6-release-notes/
and for 11.4.7: https://mariadb.com/kb/en/mariadb-11-4-7-release-notes/
11.4.6's release notes mention security fixes, so I will promote this to Elevated and take it.
The security fixes are for...
- CVE-2025-30722: "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data." (Marked as Medium)
- CVE-2025-30693: "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." (Marked as Medium)
- CVE-2023-52970: "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where." (Medium)
- CVE-2023-52969: "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2." (Medium)
- CVE-2023-52971: "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan." (Medium)
Change History (5)
comment:1 by , 8 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 8 months ago
comment:4 by , 8 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
One nice thing about this version so far is that we didn't need to specify the CMake Policy Version flag, which means the changes I submitted to upstream were merged
I did also remove the libxml2 sed from my script, so we'll see if that's still required...