Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

Hi, On Mon, Nov 05, 2018 at 04:54:55PM +0100, Markus Koschany wrote: > libreoffice-base-drivers https://salsa.debian.org/libreoffice-team/libreoffice/libreoffice/commit/3c5f364b4a31f29cf1e3ad44bcd2d3c7ef37206e Regards, Rene __ This is the maintainer address of Debian's Java team

Processed: Re: Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

Processing control commands: > retitle -1 mysql-connector-java: removal from Debian Bug #912916 [mysql-connector-java] mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it Changed Bug title to 'mysql-connector-java: removal from Debian' from

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

Control: retitle -1 mysql-connector-java: removal from Debian Control: block -1 by 913323 913354 913360 913343 913362 So here we go. The removal of mysql-connector-java is currently blocked by five bugs. I have submitted patches for four of them and I will take care of netbeans myself. I'm

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

On Thu, Nov 08, 2018 at 07:42:35PM +0100, Markus Koschany wrote: > Am 08.11.18 um 19:34 schrieb Moritz Mühlenhoff: > [...] > > So upon a closer look this seems to only affect the 8.x releases of the > > connector (Oracle only lists those affected release series which are > > affected and this only

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

Am 08.11.18 um 19:34 schrieb Moritz Mühlenhoff: [...] > So upon a closer look this seems to only affect the 8.x releases of the > connector (Oracle only lists those affected release series which are > affected and this only lists 8.x, while 5.1.x is still supported; there's > a 5.1.47 release). >

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

On Mon, Nov 05, 2018 at 02:13:39PM +0100, Moritz Mühlenhoff wrote: > On Sun, Nov 04, 2018 at 10:35:42PM +0100, Markus Koschany wrote: > > Package: mysql-connector-java > > X-Debbugs-CC: t...@security.debian.org > > Severity: grave > > Tags: security > > > > Hi, > > > > The following

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

On Mon, Nov 05, 2018 at 04:54:55PM +0100, Markus Koschany wrote: > > Am 05.11.18 um 14:13 schrieb Moritz Mühlenhoff: > [...] > > The Java connector follows the horrible Oracle policy of not disclosing > > vulnerability information. Given that we now have mariadb-connector-java > > in the archive

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

Am 05.11.18 um 14:13 schrieb Moritz Mühlenhoff: [...] > The Java connector follows the horrible Oracle policy of not disclosing > vulnerability information. Given that we now have mariadb-connector-java > in the archive (with a transparent upstream), can we migrate existing > reverse deps

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

On Sun, Nov 04, 2018 at 10:35:42PM +0100, Markus Koschany wrote: > Package: mysql-connector-java > X-Debbugs-CC: t...@security.debian.org > Severity: grave > Tags: security > > Hi, > > The following vulnerability was published for mysql-connector-java. > > CVE-2018-3258[0]: > | Vulnerability in

Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

Package: mysql-connector-java X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for mysql-connector-java. CVE-2018-3258[0]: | Vulnerability in the MySQL Connectors component of Oracle MySQL | (subcomponent: Connector/J).