On 20.06.2016 19:38, Moritz Muehlenhoff wrote:
> On Mon, Jun 20, 2016 at 06:48:58PM +0200, Markus Koschany wrote:
>> Hello,
>>
>> I am thinking about upgrading mysql-connector-java to the latest stable
>> version in Wheezy and Jessie to address
>>
>> https://security-tracker.debian.org/tracker/CVE-2015-2575
>>
>> As usual Oracle does not provide concrete information about the
>> vulnerability or a patch for older versions. On the other hand it is
>> claimed that the issue is difficult to exploit, probably because users
>> need to be authenticated. But without further information I rather
>> hesitate to mark this CVE as a minor issue. Any thoughts?
>
> Agreed. I already discussed briefly with ebourg who suggested the same.
>
> Can you prepare an update for jessie-security?
>
> Cheers,
> Moritz

Yes, I will do so tomorrow.

Regards,

Markus