[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security update of mysql-connector-java



On Mon, Jun 20, 2016 at 06:48:58PM +0200, Markus Koschany wrote:
> Hello,
> 
> I am thinking about to upgrade mysql-connector-java to the latest stable
> version in Wheezy and Jessie to address
> 
> https://security-tracker.debian.org/tracker/CVE-2015-2575
> 
> As usual Oracle does not provide concrete information about the
> vulnerability or a patch for older versions. On the other hand it is
> claimed that the issue is difficult to exploit, probably because users
> need to be authenticated. But without further information I rather
> hesitate to mark this CVE as a minor issue. Any thoughts?

Agreed. I already discussed briefly with ebourg who suggested the same.

Can you prepare an update for jessie-security? 

Cheers,
        Moritz




Reply to: