Hi, mysql-connector-python is affected by CVE-2017-3590.
Since we cannot extract the fix from the upstream patch, the only way to solve the issue is to backport 2.6.1-1 to wheezy. However this issue is no-dsa in Jessie, which has 1.2.3-2. If I backport 2.6.1 to wheezy, wheezy will have a newer version than jessie. Should I mark the issue no-dsa in this case ? cheers, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
signature.asc
Description: PGP signature