[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security update of mysql-connector-java

On 20.06.2016 19:38, Moritz Muehlenhoff wrote:
> On Mon, Jun 20, 2016 at 06:48:58PM +0200, Markus Koschany wrote:
>> Hello,
>> I am thinking about to upgrade mysql-connector-java to the latest stable
>> version in Wheezy and Jessie to address
>> https://security-tracker.debian.org/tracker/CVE-2015-2575
>> As usual Oracle does not provide concrete information about the
>> vulnerability or a patch for older versions. On the other hand it is
>> claimed that the issue is difficult to exploit, probably because users
>> need to be authenticated. But without further information I rather
>> hesitate to mark this CVE as a minor issue. Any thoughts?
> Agreed. I already discussed briefly with ebourg who suggested the same.
> Can you prepare an update for jessie-security? 
> Cheers,
>         Moritz

Yes, I will do so tomorrow.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: