Source: mysql-connector-python Version: 2.1.5-1 Severity: important Tags: upstream security
Hi, the following vulnerability was published for mysql-connector-python. CVE-2017-3590[0]: | Vulnerability in the MySQL Connectors component of Oracle MySQL | (subcomponent: Connector/Python). Supported versions that are affected | are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low | privileged attacker with logon to the infrastructure where MySQL | Connectors executes to compromise MySQL Connectors. Successful attacks | of this vulnerability can result in unauthorized update, insert or | delete access to some of MySQL Connectors accessible data. CVSS 3.0 | Base Score 3.3 (Integrity impacts). CVSS Vector: | (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). According to the Oracle advisory fixed in 2.1.6. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-3590 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3590 [1] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore