Re: [debian-mysql] Updates to the mysql-8.0 package
HI Robie,
On Wed, May 04, 2022 at 01:51:26PM +0100, Robie Basak wrote:
> [adding debian-security-tracker@lists.debian.org since I think this is
> mistriaged in Debian's security tracker]
>
> On Wed, May 04, 2022 at 10:27:42AM +0000, Cyrille Bollu wrote:
> > The vulnerability report that I've received relates to CVE-2022-21363 which is purportedly fixed in mysql 8.0.29.
>
> I think (but am not sure and have not taken any steps to verify) that
> this might be in the source package named mysql-connector-java, not the
> source package named mysql-8.0. Ubuntu seems to think so:
>
> https://ubuntu.com/security/cve-2022-21363
>
> But Debian has listed this against mysql-8.0, which I'm not sure is
> right:
>
> https://security-tracker.debian.org/tracker/CVE-2022-21363
Thanks for spotting, I have fixed the tracking in the
security-tracker.
Regards,
Salvatore
Reply to: