Your message dated Mon, 28 Jan 2019 02:48:06 +0000
with message-id <[email protected]>
and subject line Bug#919820: fixed in mysql-connector-python 8.0.14-1
has caused the Debian Bug report #919820,
regarding mysql-connector-python: CVE-2019-2435
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
919820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919820
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mysql-connector-python
Version: 8.0.11-1
Severity: grave
Tags: security upstream
Control: found -1 2.1.6-1
Hi,
The following vulnerability was published for mysql-connector-python.
CVE-2019-2435[0]:
| Vulnerability in the MySQL Connectors component of Oracle MySQL
| (subcomponent: Connector/Python). Supported versions that are affected
| are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable
| vulnerability allows unauthenticated attacker with network access via
| TLS to compromise MySQL Connectors. Successful attacks require human
| interaction from a person other than the attacker. Successful attacks
| of this vulnerability can result in unauthorized creation, deletion or
| modification access to critical data or all MySQL Connectors
| accessible data as well as unauthorized access to critical data or
| complete access to all MySQL Connectors accessible data. CVSS 3.0 Base
| Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector:
| (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-2435
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2435
[1] http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mysql-connector-python
Source-Version: 8.0.14-1
We believe that the bug you reported is fixed in the latest version of
mysql-connector-python, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sandro Tosi <[email protected]> (supplier of updated mysql-connector-python
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 27 Jan 2019 21:07:55 -0500
Source: mysql-connector-python
Binary: python-mysql.connector python3-mysql.connector
Architecture: source all
Version: 8.0.14-1
Distribution: unstable
Urgency: medium
Maintainer: Sandro Tosi <[email protected]>
Changed-By: Sandro Tosi <[email protected]>
Description:
 python-mysql.connector - pure Python implementation of MySQL Client/Server protocol
 python3-mysql.connector - pure Python implementation of MySQL Client/Server protocol (Pytho
Closes: 919820
Changes:
mysql-connector-python (8.0.14-1) unstable; urgency=medium
.
[ Ondřej Nový ]
* Convert git repository from git-dpm to gbp layout
.
[ Sandro Tosi ]
* New upstream release, fix CVE-2019-2435; Closes: #919820
* debian/copyright
- extend packaging copyright years
- update upstream copyright years
* debian/patches/support_alternative_mysqld_implementation.patch
- refresh patch
* debian/control
- bump Standards-Version to 4.3.0 (no changes needed)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---