> > It appears that CVE-2017-3590 can only be exploited locally. We could also
> > postpone the update and wait for more important issues and fix this issue
> > later.
>
> Also sounds fine. CVSS score is also very low (that's where the no-dsa is
> coming from).
Fine. I'll wait for more issues and
On Thu, Aug 10, 2017 at 12:02:58PM -0400, Markus Koschany wrote:
> On 10/08/17 11:29, Hugo Lefeuvre wrote:
> > Hi,
> >
> > mysql-connector-python is affected by CVE-2017-3590.
> >
> > Since we cannot extract the fix from the upstream patch, the only way to
> > solve
> > the issue is to backport
On 10/08/17 11:29, Hugo Lefeuvre wrote:
Hi,
mysql-connector-python is affected by CVE-2017-3590.
Since we cannot extract the fix from the upstream patch, the only way to solve
the issue is to backport 2.6.1-1 to wheezy. However this issue is no-dsa
in Jessie, which has 1.2.3-2.
If I backport 2
On Thu, Aug 10, 2017 at 11:29:04AM -0400, Hugo Lefeuvre wrote:
> Hi,
>
> mysql-connector-python is affected by CVE-2017-3590.
>
> Since we cannot extract the fix from the upstream patch, the only way to solve
> the issue is to backport 2.6.1-1 to wheezy. However this issue is no-dsa
> in Jessie,
Hi,
mysql-connector-python is affected by CVE-2017-3590.
Since we cannot extract the fix from the upstream patch, the only way to solve
the issue is to backport 2.6.1-1 to wheezy. However this issue is no-dsa
in Jessie, which has 1.2.3-2.
If I backport 2.6.1 to wheezy, wheezy will have a newer v
