USN-4195-1 also affects MariaDB

Bug #1852109 reported by Otto Kekäläinen
Affects                Status        Importance  Assigned to             Milestone
mariadb-10.1 (Ubuntu)  Fix Released  High        Paulo Flabiano Smorigo
mariadb-10.3 (Ubuntu)  Fix Released  High        Paulo Flabiano Smorigo

Bug Description

I am working on updates for all maintained Ubuntu versions for MariaDB 10.1 and 10.3.

CVE References

Otto Kekäläinen (otto)
Changed in mariadb-10.0 (Ubuntu):
status: New → Won't Fix
no longer affects: mariadb-10.0 (Ubuntu)
Changed in mariadb-10.1 (Ubuntu):
assignee: nobody → Otto Kekäläinen (otto)
Changed in mariadb-10.3 (Ubuntu):
assignee: nobody → Otto Kekäläinen (otto)
Changed in mariadb-10.1 (Ubuntu):
importance: Undecided → High
Changed in mariadb-10.3 (Ubuntu):
importance: Undecided → High
Changed in mariadb-10.1 (Ubuntu):
status: New → In Progress
Changed in mariadb-10.3 (Ubuntu):
status: New → In Progress
Revision history for this message
Otto Kekäläinen (otto) wrote :

In the works:
mariadb-10.1 for bionic
mariadb-10.3 for disco and eoan

Focal can just sync from Debian unstable.

Revision history for this message
Otto Kekäläinen (otto) wrote :

The 10.1 series update for 18.04 is now available.

Please use git-buildpackage to fetch and build from the ubuntu-18.04 branch at https://salsa.debian.org/mariadb-team/mariadb-10.1/tree/ubuntu-18.04

The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly on the git-buildpackage-generated tarball.

Test builds and testsuite passed on all platforms at
https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.1/+builds?build_text=&build_state=all

Debdiffs can be created directly from the repo, e.g. in a local clone with 'git diff <tag1>..<tag2> debian/'.

Security sponsor, note this: https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates

Revision history for this message
Otto Kekäläinen (otto) wrote :

The 10.3 series update for 19.04 is now available.

Please use git-buildpackage to fetch and build from the ubuntu-19.04 branch at https://salsa.debian.org/mariadb-team/mariadb-10.3/tree/ubuntu-19.04

The repository uses pristine-tar, so there is no need to separately download the sources. You can just check the signature/SHA1SUM directly on the git-buildpackage-generated tarball.

Test builds and testsuite passed on all platforms at
https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb-10.3/+builds?build_text=&build_state=all

Debdiffs can be created directly from the repo, e.g. in a local clone with 'git diff <tag1>..<tag2> debian/'.

Security sponsor, note this: https://wiki.ubuntu.com/SecurityTeam/PublicationNotes#Sponsoring_MariaDB_Security_Updates

Revision history for this message
Otto Kekäläinen (otto) wrote :

The 10.3 series update for 19.10 is now available.

Please use git-buildpackage to fetch and build from the ubuntu-19.10 branch at https://salsa.debian.org/mariadb-team/mariadb-10.3/tree/ubuntu-19.10

Changed in mariadb-10.1 (Ubuntu):
assignee: Otto Kekäläinen (otto) → Paulo Flabiano Smorigo (pfsmorigo)
Changed in mariadb-10.3 (Ubuntu):
assignee: Otto Kekäläinen (otto) → Paulo Flabiano Smorigo (pfsmorigo)
Revision history for this message
Otto Kekäläinen (otto) wrote :

Today https://usn.ubuntu.com/4195-1/ was released, which covers CVE-2019-2974 and CVE-2019-2938, also listed here.

summary: - CVE-2019-2974: MariaDB & MySQL
+ USN-4195-1 also affects MariaDB
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-10.1 - 1:10.1.43-0ubuntu0.18.04.1

---------------
mariadb-10.1 (1:10.1.43-0ubuntu0.18.04.1) bionic-security; urgency=high

  * SECURITY UPDATE: New upstream version 10.1.43 includes a fix for a
    regression introduced in the previous release:
    - MDEV-20987: InnoDB fails to start when FTS table has FK relation
    Previous release 10.1.41 includes fix for the following security
    vulnerability (LP: #1852109):
    - CVE-2019-2974

 -- Otto Kekäläinen <email address hidden> Mon, 11 Nov 2019 18:49:05 +0100

Changed in mariadb-10.1 (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-10.3 - 1:10.3.20-0ubuntu0.19.10.1

---------------
mariadb-10.3 (1:10.3.20-0ubuntu0.19.10.1) eoan-security; urgency=high

  * SECURITY UPDATE: New upstream version 10.3.20 includes a fix for a
    regression introduced in the previous release:
    - MDEV-20987: InnoDB fails to start when FTS table has FK relation
    Previous release 10.3.19 includes fix for the following security
    vulnerability (LP: #1852109):
    - CVE-2019-2938
    - CVE-2019-2974
  * Update symbols to match latest libmariadb_3
  * Drop systemd service patch applied upstream
  * Update Maintainers field for Ubuntu releases
  * Remove Salsa-CI integration as not applicable in this Ubuntu branch

 -- Otto Kekäläinen <email address hidden> Tue, 12 Nov 2019 15:08:54 +0200

Changed in mariadb-10.3 (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-10.3 - 1:10.3.20-0ubuntu0.19.04.1

---------------
mariadb-10.3 (1:10.3.20-0ubuntu0.19.04.1) disco-security; urgency=high

  * SECURITY UPDATE: New upstream version 10.3.20 includes a fix for a
    regression introduced in the previous release:
    - MDEV-20987: InnoDB fails to start when FTS table has FK relation
    Previous release 10.3.19 includes fix for the following security
    vulnerability (LP: #1852109):
    - CVE-2019-2938
    - CVE-2019-2974
  * Drop systemd service patch applied upstream
  * Update symbols to match latest libmariadb_3
  * Remove Salsa-CI integration as not applicable in this Ubuntu branch

 -- Otto Kekäläinen <email address hidden> Tue, 12 Nov 2019 14:44:39 +0200

Changed in mariadb-10.3 (Ubuntu):
status: In Progress → Fix Released
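The sponsoring workflow described in the comments above (build from the salsa branch, review the debdiff, publish to -security) ends with a sponsor reading changelog entries like the three quoted by the Launchpad Janitor and confirming they say what the USN says. The script below is an added example, not code from this page, from Launchpad, or from the MariaDB packaging: it parses debian/changelog text and checks the facts a sponsor would verify for a stable-release security upload. The sample changelog is copied from the bionic 10.1 and eoan 10.3 entries above; the codename-to-release map, the version-suffix rule and the other policy checks in check_security_entry() are this example's own assumptions.

```python
"""Sanity-check Ubuntu security-update changelog entries before sponsoring.

Added example for LP: #1852109; not code from the page, Launchpad or the
MariaDB packaging.  The policy rules below are this example's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

HEADER_RE = re.compile(r"^(\S+) \(([^)]+)\) (\S+); urgency=(\S+)$")
TRAILER_RE = re.compile(r"^ -- (.*?) <([^>]*)>\s+(.+)$")
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
LP_RE = re.compile(r"\bLP: #(\d+)")

# Ubuntu codename -> release number (assumed map; only releases named on the page).
CODENAMES = {"bionic": "18.04", "disco": "19.04", "eoan": "19.10"}

# Constructed sample: the bionic 10.1 and eoan 10.3 entries quoted on the page.
SAMPLE_CHANGELOG = """\
mariadb-10.1 (1:10.1.43-0ubuntu0.18.04.1) bionic-security; urgency=high

  * SECURITY UPDATE: New upstream version 10.1.43 includes a fix for a
    regression introduced in the previous release:
    - MDEV-20987: InnoDB fails to start when FTS table has FK relation
    Previous release 10.1.41 includes fix for the following security
    vulnerability (LP: #1852109):
    - CVE-2019-2974

 -- Otto Kekäläinen <email address hidden>  Mon, 11 Nov 2019 18:49:05 +0100

mariadb-10.3 (1:10.3.20-0ubuntu0.19.10.1) eoan-security; urgency=high

  * SECURITY UPDATE: New upstream version 10.3.20 includes a fix for a
    regression introduced in the previous release:
    - MDEV-20987: InnoDB fails to start when FTS table has FK relation
    Previous release 10.3.19 includes fix for the following security
    vulnerability (LP: #1852109):
    - CVE-2019-2938
    - CVE-2019-2974

 -- Otto Kekäläinen <email address hidden>  Tue, 12 Nov 2019 15:08:54 +0200
"""


@dataclass
class Entry:
    package: str
    version: str
    distribution: str
    urgency: str
    body: list[str] = field(default_factory=list)
    maintainer: str = ""
    date: str = ""

    @property
    def cves(self) -> set[str]:
        return set(CVE_RE.findall("\n".join(self.body)))

    @property
    def lp_bugs(self) -> set[int]:
        return {int(n) for n in LP_RE.findall("\n".join(self.body))}


def parse_changelog(text: str) -> list[Entry]:
    """Split debian/changelog text into entries (header line .. ' -- ' trailer)."""
    entries: list[Entry] = []
    current: Entry | None = None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = Entry(*header.groups())
            entries.append(current)
            continue
        if current is None:
            continue  # text outside any entry
        trailer = TRAILER_RE.match(line)
        if trailer:
            current.maintainer, _email, current.date = trailer.groups()
            current = None
        else:
            current.body.append(line)
    return entries


def check_security_entry(entry: Entry, expected_cves: set[str], expected_bug: int) -> list[str]:
    """Return the problems a sponsor would flag; an empty list means the entry passes."""
    problems: list[str] = []
    series, _, pocket = entry.distribution.partition("-")
    if pocket != "security":
        problems.append(f"not a -security upload: {entry.distribution}")
    release = CODENAMES.get(series)
    # Assumed rule: stable-release security uploads carry a 0ubuntu0.<release>.N
    # revision, e.g. 1:10.1.43-0ubuntu0.18.04.1 for bionic (18.04).
    if release is None or not re.search(rf"-0ubuntu0\.{re.escape(release)}\.\d+$", entry.version):
        problems.append(f"version {entry.version} does not match series {series}")
    if entry.urgency != "high":
        problems.append(f"urgency={entry.urgency}, expected high")
    missing = set(expected_cves) - entry.cves
    if missing:
        problems.append("missing CVE references: " + ", ".join(sorted(missing)))
    if expected_bug not in entry.lp_bugs:
        problems.append(f"no LP: #{expected_bug} reference")
    return problems


if __name__ == "__main__":
    for e in parse_changelog(SAMPLE_CHANGELOG):
        # On this page only the 10.3 entries list CVE-2019-2938.
        want = {"CVE-2019-2974"} if e.package == "mariadb-10.1" else {"CVE-2019-2938", "CVE-2019-2974"}
        print(e.package, e.version, check_security_entry(e, want, 1852109) or "OK")
```

Run it against the real debian/changelog exported from the salsa branch (or against the debdiff) instead of the embedded sample; any non-empty list is something to raise with the uploader before publishing.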
This report contains Public Security information  
Everyone can see this security related information.