Bug#861580: (pre-approval) unblock: mysql-connector-python/2.1.6
Control: tags -1 confirmed moreinfo
Sandro Tosi:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hello,
> BTS 861511 was reported yesterday against mysql-connector-python stating the new
> upstream version (2.1.6) fixes CVE-2017-3590.
>
> The upstream versions diff (attached) is quite important, so i would understand
> if you decide not to accept a potential upload of this new version aiming for an
> unblock to strech, but i would still like you to have a look and decide on it.
>
> Thanks,
> Sandro
>
> [...]
Ack, please go ahead and remove the moreinfo tag once the upload has
been processed and has been built on all relevant release architectures.
NOTE: the test suite contains certificates that expire in 2018. If that
causes test failures, then that is an RC bug (as it would mean we would
be unable to compile mysql-connector-python in stretch before its EOL).
AFAICT, said problem would also exists in the current version (except
the expiry reads 2017 instead).
Please consider replacing the certificates with once that can survive
stretch + stretch-lts's life-time.
Thanks,
~Niels
Reply to: