[SECURITY] [DLA 526-1] mysql-connector-java security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : mysql-connector-java
Version : 5.1.39-1~deb7u1
CVE ID : CVE-2015-2575
A vulnerability in the MySQL Connectors component of Oracle MySQL
(subcomponent: Connector/J) has been discovered that may result in
unauthorized update, insert or delete access to some MySQL Connectors
accessible data as well as read access to a subset of MySQL Connectors.
The issue is addressed by updating to the latest stable release of
mysql-connector-java since Oracle did not release further information.
Please see Oracle's Critical Patch Update advisory for further details.
http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html#MSQL
For Debian 7 "Wheezy", these problems have been fixed in version
5.1.39-1~deb7u1.
We recommend that you upgrade your mysql-connector-java packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQJ8BAEBCgBmBQJXbrevXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkfsMQAJq7V/02TqZXwBfgQe3qtRWV
UW9yU25yqHbz8fVHQ5yCleMKvBGAInZESYfzKsM7fsw9I/rvMZ0+JUBNaDzA3dgd
BcCHDzQUO2O/B/7nuKY+NFAnlAqO2n8zI0hOsDjoIacFVs4LxSVRjoKJDrSE2YRo
PnzzZip06Jp4veoZbK2PDwwL4lvTgWNStLfcZ+44XEryuU48jAgFr4KMp4ulus6o
CxyFU+IQD2DJ5akPx/l80eRvA0OxyVCrpxLGJN+IJ3w/vGNusXofBBLIfF2hOGJn
t61GVR7k3/4XTiJ9IEXl3Vbi002PhY/DNt/eXAuVtL8H6SGfzt991GnmV1rRjpzF
XmrW1X2kUFcmG9NMafF/MHnSHnW2XWyNAZtFr6gbM4aEluoY3no5xxer2tKIyqmE
gfx2coN+Seqs3PwHRICEYngUJ7r3kp6xDJLZ8gsC0ovC1XFAoo4/bhH/61dhWgzH
Ta2LaESl4PEDa1LZiS7c3PKqgzAle39lMPLuNcXoMh87Y7ErUmMMzlZkeefxNTf1
jePJQbxiyiCvxjdAVvwqKS5JasjCwQjQMYZrMCSLRylfZLh3JVrTEhlUV6Pe6PTp
PyQvBxr+QVJ2b7xWWO0A83Wxb2kqFBHGAQbVwuMicEV5ypedPfRUi9qVsVyeYPeS
YOkjrKSiEoN7sylv65wq
=CE0Q
-----END PGP SIGNATURE-----
Reply to: