File _patchinfo of Package patchinfo.40467
<patchinfo incident="40467">
  <issue tracker="cve" id="2023-52970"/>
  <issue tracker="cve" id="2023-52969"/>
  <issue tracker="cve" id="2023-52971"/>
  <issue tracker="cve" id="2025-30693"/>
  <issue tracker="cve" id="2025-30722"/>
  <issue tracker="bnc" id="1239151">VUL-0: CVE-2023-52970: mariadb: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref:derived_field_transformer_for_where.</issue>
  <issue tracker="bnc" id="1239150">VUL-0: CVE-2023-52969: mariadb: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2</issue>
  <issue tracker="bnc" id="1249219">VUL-0: CVE-2023-52971: mariadb,mariadb-100: mariadb: crash in MariaDB Server in JOIN::fix_all_splittings_in_plan</issue>
  <issue tracker="bnc" id="1249212">VUL-0: CVE-2025-30722: mariadb: mysql: mysqldump issue allows low privileged attacker with network access to compromise MySQL Client and gain unauthorized update, insert or delete access to data</issue>
  <issue tracker="bnc" id="1249213">VUL-0: CVE-2025-30693: mariadb: mysql: mysql: InnoDB issue allows high privileged attacker with network access to compromise MySQL Server to gain unauthorized update, insert or delete access to data and cause repeatable crash</issue>
  <packager>ateixeira</packager>
  <rating>moderate</rating>
  <category>security</category>
  <message>Updating mariadb might impact the database service. Do you want to proceed with the update?</message>
  <summary>Security update for mariadb</summary>
  <description>This update for mariadb fixes the following issues:

Update to version 10.11.14.

Security issues fixed:

- CVE-2025-30693: InnoDB issue allows high privileged attacker with network access to gain unauthorized update, insert or delete access to data and cause repeatable crash in MySQL server (bsc#1249213).
- CVE-2025-30722: mysqldump issue allows low privileged attacker with network access to gain unauthorized update, insert or delete access to data in MySQL Client (bsc#1249212).
- CVE-2023-52969: crash with empty backtrace log in MariaDB Server (bsc#1239150).
- CVE-2023-52970: crash in MariaDB Server when inserting from derived table containing insert target table (bsc#1239151).
- CVE-2023-52971: crash in the optimizer of MariaDB Server when processing certain queries with subqueries (bsc#1249219).

Release notes and changelog:

- https://mariadb.com/docs/release-notes/community-server/mariadb-10-11-series/mariadb-10.11.14-release-notes
- https://mariadb.com/docs/release-notes/community-server/changelogs/changelogs-mariadb-10-11-series/mariadb-10.11.14-changelog
- https://mariadb.com/kb/en/mariadb-10-11-13-release-notes/
- https://mariadb.com/kb/en/mariadb-10-11-13-changelog/
- https://mariadb.com/kb/en/mariadb-10-11-12-release-notes/
- https://mariadb.com/kb/en/mariadb-10-11-12-changelog/
</description>
</patchinfo>