mariadb: fix CVE-2024-21096

Vulnerability in the MySQL Server product of Oracle MySQL (component:
Client: mysqldump). Supported versions that are affected are 8.0.36
and prior and 8.3.0 and prior. Difficult to exploit vulnerability
allows unauthenticated attacker with logon to the infrastructure
where MySQL Server executes to compromise MySQL Server. Successful
attacks of this vulnerability can result in unauthorized update,
insert or delete access to some of MySQL Server accessible data as
well as unauthorized read access to a subset of MySQL Server accessible
data and unauthorized ability to cause a partial denial of service
(partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality,
Integrity and Availability impacts).

CVE-2024-21096-0001, CVE-2024-21096-0002 are CVE fixes and rest are
regression fixes.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-21096
https://security-tracker.debian.org/tracker/CVE-2024-21096

Upstream patches:
https://github.com/MariaDB/server/commit/13663cb5c4558383e9dab96e501d72ceb7a0a158
https://github.com/MariaDB/server/commit/1c425a8d854061d1987ad4ea352c7270652e31c4
https://github.com/MariaDB/server/commit/77c4c0f256f3c268d3f72625b04240d24a70513c
https://github.com/MariaDB/server/commit/d60f5c11ea9008fa57444327526e3d2c8633ba06
https://github.com/MariaDB/server/commit/d20518168aff435a4843eebb108e5b9df24c19fb

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

0 files changed, 0 insertions, 0 deletions