Re: CVE-2017-3590 in mysql-connector-python

To: debian-lts@lists.debian.org
Subject: Re: CVE-2017-3590 in mysql-connector-python
From: Hugo Lefeuvre <hle@debian.org>
Date: Thu, 10 Aug 2017 12:39:23 -0400
Message-id: <[🔎] 20170810163923.fxzt5mkssq4t5dco@hle-laptop.local>
In-reply-to: <[🔎] 20170810162802.t3msjdfx6vr36ruh@pisco.westfalen.local>
References: <[🔎] 20170810152904.j77i6aqpkzgmgmbh@hle-laptop.local> <[🔎] a2e7e925-2d0e-6642-b74e-a73b03cdad80@debian.org> <[🔎] 20170810162802.t3msjdfx6vr36ruh@pisco.westfalen.local>

> > It appears that CVE-2017-3590 can only be exploited locally. We could also
> > postpone the update and wait for more important issues and fix this issue
> > later.
> 
> Also sounds fine. CVSS score is also very low (that's where the no-dsa is
> coming from).

Fine. I'll wait for more issues and will prepare an upload for Jessie if
necessary.

cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- CVE-2017-3590 in mysql-connector-python
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: CVE-2017-3590 in mysql-connector-python
  - From: Markus Koschany <apo@debian.org>
- Re: CVE-2017-3590 in mysql-connector-python
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: CVE-2017-3590 in mysql-connector-python
Next by Date: Wheezy update of tenshi?
Previous by thread: Re: CVE-2017-3590 in mysql-connector-python
Next by thread: Wheezy update of tenshi?
Index(es):
- Date
- Thread