Source: mysql-workbench Version: 6.2.3+dfsg-7 Severity: important Tags: upstream security
Hi, the following vulnerability was published for mysql-workbench. CVE-2017-3469[0]: | Vulnerability in the MySQL Workbench component of Oracle MySQL | (subcomponent: Workbench: Security : Encryption). Supported versions | that are affected are 6.3.8 and earlier. Difficult to exploit | vulnerability allows unauthenticated attacker with network access via | multiple protocols to compromise MySQL Workbench. Successful attacks | of this vulnerability can result in unauthorized read access to a | subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 | (Confidentiality impacts). CVSS Vector: | (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). Unfortunately as in most cases, no details are provided. Only known that it should be fixed in 6.3.9. The issue is said to be difficult to exploit so I guess we do not need a DSA for this issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-3469 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3469 [1] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
