[debian-mysql] Updates to the mysql-8.0 package

Robie Basak robie.basak at canonical.com
Wed May 4 10:56:07 BST 2022


Hi,

On Wed, May 04, 2022 at 09:02:40AM +0000, Cyrille Bollu wrote:
> My company is user of Ubuntu servers.
> 
> Recently our Security team has informed me of vulnerabilities in the mysql-connector-java package that we are using.
> 
> From what I understand, the best way to fix these vulnerabilities would be to update the mysql-8.0 Debian package.

I don't follow your logic here. mysql-connector-java was removed a long
time ago in favour of mariadb-connector-java
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920703) but even
without that, I don't see how you got from there to mysql-8.0? How would
updating mysql-8.0 change the status of a vulnerability in
mysql-connector-java?

> Looking at your dashboard, I see that mysql-8.0 FTBS for more than 1 month.
> 
> The build error on amd64 looks quite common ('size_t' has not been declared) and I was wondering if I could be of any help to resolve this issue.

Thank you for offering to help with this! However, a colleague of mine
is actively working on bringing mysql-8.0 up-to-date at the moment. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010372 for some
recent conversation on this. So I think it would duplicate effort/step
on toes for you to tackle on this specific item right now, but once
mysql-8.0 is up-to-date in unstable again, general packaging
contributions to mysql-8.0 would be appreciated!

I'm not sure I follow how this would solve your particular problem
though.

Robie



More information about the pkg-mysql-maint mailing list