Track MariaDB as well for CVE-2020-2574

All MariaDB updates are actually very intransparent. Upstream apparently consider CVE-2020-2574 as well various other MariaDB versions (apparently but any other CVE from the Oracle CPU from January?) and fixed in 5.5.67, 10.1.44, 10.2.31, 10.3.22 and 10.4.12. Add tracking for src:mariadb-10.3 and src:mariadb-10.1 repsectively.
author: Salvatore Bonaccorso <carnil@debian.org> 2020-01-29 09:48:56 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-01-29 09:48:56 +0100
commit: 1e22dbe1c5e233e808792c2afe26eddbd11e8112 (patch)
tree: 0bf6f93ad0a2095a65edb7c604b3b95c657acc7e
parent: f8d964cfdd64cd3272aa91553b4d29976b238089 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index bf1fae8508..51e90d4994 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -11929,7 +11929,10 @@ CVE-2020-2575
 	RESERVED
 CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <unfixed> (bug #949994)
+	- mariadb-10.3 1:10.3.22-1
+	- mariadb-10.1 <removed>
 	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
+	NOTE: Fixed in MariaDB: 5.5.67, 10.1.44, 10.2.31, 10.3.22, 10.4.12
 CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <unfixed> (bug #949994)
 	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
author	Salvatore Bonaccorso <carnil@debian.org>	2020-01-29 09:48:56 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-01-29 09:48:56 +0100
commit	1e22dbe1c5e233e808792c2afe26eddbd11e8112 (patch)
tree	0bf6f93ad0a2095a65edb7c604b3b95c657acc7e
parent	f8d964cfdd64cd3272aa91553b4d29976b238089 (diff)