[Git][security-tracker-team/security-tracker][master] mark CVE-2019-2435 ignored in jessie

Hugo Lefeuvre hle at debian.org
Sun Mar 17 15:44:05 GMT 2019


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0968de4b by Hugo Lefeuvre at 2019-03-17T15:38:27Z
mark CVE-2019-2435 ignored in jessie

same as stretch.

Oracle is not willing to provide more details, and given the information
we have there is not much we can do apart from

1. upgrading to 8.0.14 which I guess is out of the question here
2. spending two weeks reverse-engineering the 8.0.14 release to extract
   information about the vulnerability and backport a highly hypothetical
   patch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18551,6 +18551,7 @@ CVE-2019-2436 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 CVE-2019-2435 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
 	- mysql-connector-python 8.0.14-1 (bug #919820)
 	[stretch] - mysql-connector-python <ignored> (No security details disclosed, no 2.1.x release by Oracle)
+	[jessie] - mysql-connector-python <ignored> (No security details disclosed, no 1.2.x release by Oracle)
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435
 CVE-2019-2434 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
 	- mysql-5.7 5.7.25-1 (bug #919817)
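
Review bot: The reason text on the added `[jessie]` line ("No security details disclosed, no 1.2.x release by Oracle") does not say that the only fixed version recorded for this CVE is 8.0.14-1, which is what actually makes a backport impractical. The commit message spells that out, but a reader of data/CVE/list has to infer it from the unversioned line above. Consider a short NOTE under the entry stating that the fix is only available by moving to 8.0.14 and that no patch could be isolated, so the rationale stays with the data when this decision is revisited. The wording otherwise matches the existing `[stretch]` line, which keeps the two releases consistent.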


=====================================
data/dla-needed.txt
=====================================
@@ -62,10 +62,6 @@ linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
 --
-mysql-connector-python (Hugo Lefeuvre)
-  NOTE: 20190202: Oracle stuff. Details are not disclosed. Requires update to
-  NOTE: supported version.
---
 openjdk-7 (Emilio)
   NOTE: 20190304: updating to 7u211
 --
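
Review bot: Dropping the mysql-connector-python entry also drops its dated note ("20190202: Oracle stuff. Details are not disclosed. Requires update to supported version."), and the "requires update to supported version" part is the one piece of guidance a jessie user can act on. Since no DLA will be issued, consider carrying that sentence over as a NOTE on the CVE-2019-2435 entry in data/CVE/list rather than losing it. The removal itself is clean: four lines go, including one `--` separator, so linux-4.9 and openjdk-7 remain separated by a single `--`.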



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0968de4bf3819f177b7e6185aee91463e0c1d600
