Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:

a64575f9 by Markus Koschany at 2022-05-28T16:35:50+02:00
Remove mysql-connector-java from dla-needed.txt

mysql-connector-java requires a new upstream release because details about CVE-2022-21363 are not available and thus a patch cannot be backported. The new version supports only mysql 8.x and 5.7. It requires Java 8 and at least libprotobuf-java 3.12.4, currently only available in Bullseye. Since the MySQL package has been replaced by MariaDB there is no real consumer of mysql-connector-java in Stretch anymore. Since a new version of protobuf is required (a new source package would be the most sensible approach), it makes more sense to mark mysql-connector-java as EOL now. A working package can be found on the experimental branch in Git at https://salsa.debian.org/java-team/mysql-connector-java/-/tree/experimental but there are no plans to upload it to Stretch at the moment.

- - - - -
0d30607a by Markus Koschany at 2022-05-28T16:43:41+02:00
CVE-2022-21363,mysql-connector-java: end-of-life in Stretch

- - - - -
62cefbc3 by Markus Koschany at 2022-05-28T16:46:19+02:00
Claim pngcheck in dla-needed.txt

- - - - -

2 changed files:
- data/CVE/list
- data/dla-needed.txt

Changes:

===================================== data/CVE/list ===================================== @@ -37747,6 +37747,7 @@ CVE-2022-21364 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o NOT-FOR-US: Oracle CVE-2022-21363 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) - mysql-connector-java <removed> + [stretch] - mysql-connector-java <end-of-life> (MySQL has been replaced with MariaDB) CVE-2022-21362 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.29-1 CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) ===================================== data/dla-needed.txt =====================================
@@ -152,9 +152,6 @@ mbedtls (Utkarsh) modsecurity-crs NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 and 10.11 (2 CVEs) (Beuc/front-desk) -- -mysql-connector-java (Markus Koschany) - NOTE: 20220512: Requires a new upstream version. (apo) --- ncurses NOTE: 20220524: Follow buster: harmonize with with Debian 10.2 (2-3 CVEs + some non-CVE'd issues) (Beuc/front-desk) -- @@ -194,7 +191,7 @@ pjproject (Abhijith PA) plinth NOTE: 20220524: Follow buster: harmonize with with Debian 10.7 and 10.10 (2 CVEs) (Beuc/front-desk) -- -pngcheck +pngcheck (Markus Koschany) NOTE: 20220524: Follow buster: harmonize with with Debian 10.8 (1 CVE) (Beuc/front-desk) -- postgresql-9.6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6d12ad33ae037fe4eda4983d93a031a77e2a5692...62cefbc3566f43f4791a3775d7ac0a7cd69e0399
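Review bot: the parenthetical on the added "[stretch] - mysql-connector-java <end-of-life>" line in data/CVE/list gives only "MySQL has been replaced with MariaDB", which explains why the package has no consumer but not why CVE-2022-21363 stays unfixed. The blocker stated in the commit message (no public details, so no patch to backport, and the new upstream version needs libprotobuf-java 3.12.4, which is only in Bullseye) is what someone still running the connector on Stretch would look for in the tracker; consider putting it in the parenthetical or in a NOTE: line under the entry.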
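Review bot: in the second data/dla-needed.txt hunk, the NOTE directly under the claimed pngcheck entry reads "harmonize with with Debian 10.8"; since this hunk already edits that entry, drop the doubled "with" there. The same doubled word appears in the context NOTEs for modsecurity-crs, ncurses and plinth and could be cleaned up in one follow-up change.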
