CVE-2017-3590 in mysql-connector-python

To: debian-lts@lists.debian.org
Subject: CVE-2017-3590 in mysql-connector-python
From: Hugo Lefeuvre <hle@debian.org>
Date: Thu, 10 Aug 2017 11:29:04 -0400
Message-id: <[🔎] 20170810152904.j77i6aqpkzgmgmbh@hle-laptop.local>

Hi,

mysql-connector-python is affected by CVE-2017-3590.

Since we cannot extract the fix from the upstream patch, the only way to solve
the issue is to backport 2.6.1-1 to wheezy. However this issue is no-dsa
in Jessie, which has 1.2.3-2.

If I backport 2.6.1 to wheezy, wheezy will have a newer version than jessie.

Should I mark the issue no-dsa in this case ?

cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: CVE-2017-3590 in mysql-connector-python
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: CVE-2017-3590 in mysql-connector-python
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: Debconf 2017 LTS BoF Summary
Next by Date: Re: CVE-2017-3590 in mysql-connector-python
Previous by thread: Wheezy update of cacti?
Next by thread: Re: CVE-2017-3590 in mysql-connector-python
Index(es):
- Date
- Thread