Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0968de4b by Hugo Lefeuvre at 2019-03-17T15:38:27Z
mark CVE-2019-2435 ignored in jessie

same as stretch.

Oracle is not willing to provide more details, and given the information
we have there is not much we can do apart from

1. upgrading to 8.0.14 which I guess is out of the question here
2. spend two weeks reverse-engineering the 8.0.14 release to extract
   information about the vulnerability and backport a highly hypothetical
   patch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18551,6 +18551,7 @@ CVE-2019-2436 (Vulnerability in the MySQL Server 
component of Oracle MySQL ...)
 CVE-2019-2435 (Vulnerability in the MySQL Connectors component of Oracle MySQL 
...)
        - mysql-connector-python 8.0.14-1 (bug #919820)
        [stretch] - mysql-connector-python <ignored> (No security details 
disclosed, no 2.1.x release by Oracle)
+       [jessie] - mysql-connector-python <ignored> (No security details 
disclosed, no 1.2.x release by Oracle)
        NOTE: 
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435
 CVE-2019-2434 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
        - mysql-5.7 5.7.25-1 (bug #919817)
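
Review bot: The reason on the added [jessie] line says only that no details were disclosed and that Oracle made no 1.2.x release. It does not record that the sole known fix is the 8.0.14-1 upload listed two lines above. Consider extending the parenthetical, for example "(No security details disclosed, no 1.2.x release by Oracle; fixed only in 8.0.14)", so the rationale from the commit message is visible in data/CVE/list itself and the entry can be revisited if Oracle later publishes details.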


=====================================
data/dla-needed.txt
=====================================
@@ -62,10 +62,6 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
-mysql-connector-python (Hugo Lefeuvre)
-  NOTE: 20190202: Oracle stuff. Details are not disclosed. Requires update to
-  NOTE: supported version.
---
 openjdk-7 (Emilio)
   NOTE: 20190304: updating to 7u211
 --
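
Review bot: The removed mysql-connector-python entry's NOTE lines do not name a CVE, so nothing in this hunk shows that CVE-2019-2435 was the only issue keeping the package in dla-needed.txt. Please confirm no other open jessie issue remains for the package before dropping it. The dated note "Requires update to supported version." is also lost here, so it may be worth carrying that wording into the <ignored> reason in data/CVE/list.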



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0968de4bf3819f177b7e6185aee91463e0c1d600
