Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

Markus Koschany apo at debian.org
Thu Nov 8 18:42:35 GMT 2018


On 08.11.18 at 19:34, Moritz Mühlenhoff wrote:
[...]
> So upon a closer look this seems to only affect the 8.x releases of the
> connector (Oracle only lists those affected release series which are
> affected and this only lists 8.x, while 5.1.x is still supported; there's
> a 5.1.47 release).
> 
> Still, this is a good example why we should phase out mysql-connector-java
> in favour of the more transparent mariadb-connector-java, so let's maybe
> reuse this bug for tracking this? (Especially given Tony's experience
> that the migration is rather straightforward).

I'm currently working on updating the affected packages. I intend to
complete this at the weekend. Some packages are not maintained by the
Java team, so I will retitle this bug report and file bugs for those
packages that block the removal of mysql-connector-java. I will CC you
once I have made some progress.

Regards,

Markus
