Commit 0968de4b authored by Hugo Lefeuvre, committed by Hugo Lefeuvre

mark CVE-2019-2435 ignored in jessie

same as stretch.

Oracle is not willing to provide more details, and given the information
we have there is not much we can do apart from

1. upgrading to 8.0.14 which I guess is out of the question here
2. spending two weeks reverse-engineering the 8.0.14 release to extract
   information about the vulnerability and backport a highly hypothetical
   patch
parent bcee6d0d
......@@ -18551,6 +18551,7 @@ CVE-2019-2436 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
CVE-2019-2435 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
- mysql-connector-python 8.0.14-1 (bug #919820)
[stretch] - mysql-connector-python <ignored> (No security details disclosed, no 2.1.x release by Oracle)
[jessie] - mysql-connector-python <ignored> (No security details disclosed, no 1.2.x release by Oracle)
NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435
CVE-2019-2434 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
- mysql-5.7 5.7.25-1 (bug #919817)
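Review bot: the [jessie] line reuses the stretch reason with only the series changed ("no 1.2.x release by Oracle"), and nothing in the hunk shows which upstream series jessie ships, so please confirm 1.2.x is right before this becomes the permanent record. The rest of the reason ("No security details disclosed") matches the commit message and the stretch entry, and the existing NOTE link to the Oracle advisory already covers both releases, so no further NOTE is needed.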
......@@ -62,10 +62,6 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
mysql-connector-python (Hugo Lefeuvre)
NOTE: 20190202: Oracle stuff. Details are not disclosed. Requires update to
NOTE: supported version.
--
openjdk-7 (Emilio)
NOTE: 20190304: updating to 7u211
--
......