On Mon, Jun 20, 2016 at 06:48:58PM +0200, Markus Koschany wrote:
> Hello,
>
> I am thinking about to upgrade mysql-connector-java to the latest stable
> version in Wheezy and Jessie to address
>
> https://security-tracker.debian.org/tracker/CVE-2015-2575
>
> As usual Oracle does not provide concrete information about the
> vulnerability or a patch for older versions. On the other hand it is
> claimed that the issue is difficult to exploit, probably because users
> need to be authenticated. But without further information I rather
> hesitate to mark this CVE as a minor issue. Any thoughts?
Agreed. I already discussed briefly with ebourg who suggested the same.
Can you prepare an update for jessie-security?
Cheers,
Moritz
