Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it
Markus Koschany
apo at debian.org
Mon Nov 5 15:54:55 GMT 2018
Am 05.11.18 um 14:13 schrieb Moritz Mühlenhoff:
[...]
> The Java connector follows the horrible Oracle policy of not disclosing
> vulnerability information. Given that we now have mariadb-connector-java
> in the archive (with a transparent upstream), can we migrate existing
> reverse deps towards libmariadb-java and simply get rid of libmysql-java?
>
> List of buils deps is rather short:
>
> jabref
> pegasus-wms
> jython
> osmosis
> netbeans
> igv (non-free)
I agree it would be nice if we could replace mysql-connector-java with
the MariaDB version. I don't know how much effort is required to make
the switch, hopefully it is just a drop-in-replacement. I think we
should file bugs and let's see how it goes. I can do that.
There are a few more r-deps for libmysql-java
apt-cache rdepends libmysql-java
Reverse Depends:
jabref
solr-common
|sqlline
pegasus-wms
osmosis
libnb-ide14-java
solr-common
|libreoffice-canzeley-client
libreoffice-base-drivers
jython
jclic
jameica
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20181105/a4080120/attachment-0001.sig>
More information about the pkg-java-maintainers
mailing list