Hello, I am thinking about to upgrade mysql-connector-java to the latest stable version in Wheezy and Jessie to address https://security-tracker.debian.org/tracker/CVE-2015-2575 As usual Oracle does not provide concrete information about the vulnerability or a patch for older versions. On the other hand it is claimed that the issue is difficult to exploit, probably because users need to be authenticated. But without further information I rather hesitate to mark this CVE as a minor issue. Any thoughts? Reverse build-dependencies: jabref, jython, osmosis and pegasus-wms Reverse dependencies: biomaj libreoffice-base-drivers |sqlline pegasus-wms osmosis solr-common |libreoffice-canzeley-client jython jclic jabref
Attachment:
signature.asc
Description: OpenPGP digital signature