Re: [debian-mysql] Updates to the mysql-8.0 package

To: Robie Basak <robie.basak@ubuntu.com>
Cc: Cyrille Bollu <Cyrille.Bollu@belnet.be>, debian-security-tracker@lists.debian.org
Subject: Re: [debian-mysql] Updates to the mysql-8.0 package
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 5 May 2022 08:31:48 +0200
Message-id: <[🔎] YnNvVE+y3IONUWJr@elende.valinor.li>
Mail-followup-to: Robie Basak <robie.basak@ubuntu.com>, Cyrille Bollu <Cyrille.Bollu@belnet.be>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 20220504125126.GD3496@mal.justgohome.co.uk>
References: <cc604517e1d543c5a5a5f647fa27ad74@exchwtc2.ad.fw.belnet.be> <20220504095606.GC3496@mal.justgohome.co.uk> <5fb6d424e9f548958cf4c2316b729ef1@exchwtc2.ad.fw.belnet.be> <[🔎] 20220504125126.GD3496@mal.justgohome.co.uk>

HI Robie,

On Wed, May 04, 2022 at 01:51:26PM +0100, Robie Basak wrote:
> [adding debian-security-tracker@lists.debian.org since I think this is
> mistriaged in Debian's security tracker]
> 
> On Wed, May 04, 2022 at 10:27:42AM +0000, Cyrille Bollu wrote:
> > The vulnerability report that I've received relates to CVE-2022-21363 which is purportedly fixed in mysql 8.0.29. 
> 
> I think (but am not sure and have not taken any steps to verify) that
> this might be in the source package named mysql-connector-java, not the
> source package named mysql-8.0. Ubuntu seems to think so:
> 
> https://ubuntu.com/security/cve-2022-21363
> 
> But Debian has listed this against mysql-8.0, which I'm not sure is
> right:
> 
> https://security-tracker.debian.org/tracker/CVE-2022-21363

Thanks for spotting, I have fixed the tracking in the
security-tracker.

Regards,
Salvatore

Reply to:

References:
- Re: [debian-mysql] Updates to the mysql-8.0 package
  - From: Robie Basak <robie.basak@ubuntu.com>

Prev by Date: External check
Next by Date: External check
Previous by thread: Re: [debian-mysql] Updates to the mysql-8.0 package
Next by thread: RE: [debian-mysql] Updates to the mysql-8.0 package
Index(es):
- Date
- Thread