Re: CVE-2017-3590 in mysql-connector-python
On Thu, Aug 10, 2017 at 11:29:04AM -0400, Hugo Lefeuvre wrote:
> mysql-connector-python is affected by CVE-2017-3590.
> Since we cannot extract the fix from the upstream patch, the only way to solve
> the issue is to backport 2.6.1-1 to wheezy. However, this issue is no-dsa
> in Jessie, which has 1.2.3-2.
> If I backport 2.6.1 to wheezy, wheezy will have a newer version than jessie.
> Should I mark the issue no-dsa in this case?
Or upgrade jessie in the next point release as well.