[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Refreshing mysql-connector-java

Hi Security Team,

On 07/06/2020 09:44, Moritz Mühlenhoff wrote:
> On Fri, Jun 05, 2020 at 02:27:50PM +0200, Sylvain Beucler wrote:
>> On 05/06/2020 09:23, Sylvain Beucler wrote:
>> I finished testing and I prepared the upload accordingly:
>> https://www.beuc.net/tmp/debian-lts/mysql-connector-java/mysql-connector-java_5.1.49-0+deb9u1_amd64.changes
>> https://www.beuc.net/tmp/debian-lts/mysql-connector-java/debdiff-stretch.txt
>> Version scheme is changed, suite is stretch-security, and I made a minor
>> change to debian/watch to track 5.x (not 8.x).
>> Do you approve for upload?
> Thanks, please upload to security-master! (And note to build with -sa
> as the 5.1.49 tarball isn't present on security-master yet).

I'm not entirely familiar with the process here, the upload is in
"embargoed", and I suspect it needs validation.

Then it will make the new tarball available and I'll be able to make the
LTS/jessie upload.

Do you plan to send a DSA? I prepared the following text:

Several issues were discovered in mysql-connector-java, a Java database
(JDBC) driver for MySQL, that allow attackers to update, insert or
delete access to some of MySQL Connectors accessible data, unauthorized
read access to a subset of the data, and partial denial of service.


Reply to: