Description
mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
mysql: Server: FTS unspecified vulnerability (CPU Apr 2022).
mariadb: lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
mariadb: lack of validating the existence of an object prior to performing operations on the object.
mariadb: lack of proper validation of a user-supplied string before using it as a format specifier.
mariadb: CONNECT storage engine heap-based buffer overflow.
mariadb: assertion failure in Item_args::walk_arg.
mariadb: use-after-poison when complex conversion is involved in blob.
mariadb: server crash in create_tmp_table::finalize.
mariadb: server crash in component arg_comparator::compare_real_fixed.
mariadb: server crash at my_decimal::operator=.
mariadb: server crash at Field::set_default via specially crafted SQL statements.
mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c.
mariadb: crash via component Item_subselect::init_expr_cache_tracker.
mariadb: server crashes in query_arena::set_query_arena upon SELECT from view.
mariadb: assertion failures in decimal_bin_size.
mariadb: assertion failure in compare_order_elements.
mariadb: use-after-poison in Binary_string::free_buffer.
mariadb: crash in multi-update and implicit grouping.
mariadb: assertion failure in sql/item_func.cc.
mariadb: assertion failure in sql/item_cmpfunc.cc.
mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc.
mariadb: use-after-poison in Binary_string::free_buffer.
mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc.
mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc.
mariadb: server crash at Item_subselect::init_expr_cache_tracker.
mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor.
mariadb: server crash in Item_args::walk_args.
mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
mariadb: Crash executing query with VIEW, aggregate and subquery.
mariadb: MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
mariadb: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
mariadb: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
mariadb: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements.
[Tracker] Rebase to Galera 25.3.35 for MariaDB-10.3 (BZ#2107054).