Your message dated Thu, 03 Oct 2024 23:49:38 +0000
with message-id <e1swvzi-00drsm...@fasolo.debian.org>
and subject line Bug#1077767: fixed in mysql-connector-python 9.0.0-1
has caused the Debian Bug report #1077767,
regarding mysql-connector-python: CVE-2024-21090 CVE-2024-21170
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1077767: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077767
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mysql-connector-python
Version: 8.0.15-4
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for mysql-connector-python.

CVE-2024-21090[0]:
| Vulnerability in the MySQL Connectors product of Oracle MySQL
| (component: Connector/Python).  Supported versions that are affected
| are 8.3.0 and prior. Easily exploitable vulnerability allows
| unauthenticated attacker with network access via multiple protocols
| to compromise MySQL Connectors.  Successful attacks of this
| vulnerability can result in unauthorized ability to cause a hang or
| frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS
| 3.1 Base Score 7.5 (Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).


CVE-2024-21170[1]:
| Vulnerability in the MySQL Connectors product of Oracle MySQL
| (component: Connector/Python).  Supported versions that are affected
| are 8.4.0 and prior. Easily exploitable vulnerability allows low
| privileged attacker with network access via multiple protocols to
| compromise MySQL Connectors.  Successful attacks of this
| vulnerability can result in unauthorized update, insert or delete
| access to some of MySQL Connectors accessible data as well as
| unauthorized read access to a subset of MySQL Connectors accessible
| data and unauthorized ability to cause a partial denial of service
| (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.3
| (Confidentiality, Integrity and Availability impacts).  CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-21090
    https://www.cve.org/CVERecord?id=CVE-2024-21090
[1] https://security-tracker.debian.org/tracker/CVE-2024-21170
    https://www.cve.org/CVERecord?id=CVE-2024-21170

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: mysql-connector-python
Source-Version: 9.0.0-1
Done: Daniel Leidert <dleid...@debian.org>

We believe that the bug you reported is fixed in the latest version of
mysql-connector-python, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1077...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Leidert <dleid...@debian.org> (supplier of updated mysql-connector-python package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 04 Oct 2024 01:21:06 +0200
Source: mysql-connector-python
Architecture: source
Version: 9.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>,
Changed-By: Daniel Leidert <dleid...@debian.org>
Closes: 1040290 1076136 1077767
Changes:
 mysql-connector-python (9.0.0-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.
     - Fixes CVE-2024-21090 and CVE-2024-21170 (closes: #1077767).
     - Provides compatibility with Python 3.12 (closes: #1076136, #1040290).
   * d/control: Add Rules-Requires-Root.
     (Standards-Version): Bump to 4.7.0.
     (Build-Depends): Add pybuild-plugin-pyproject.
   * d/copyright: Update team and upstream copyright.
   * d/rules: Adjust for new source structure.
     (override_dh_installdocs): Fix target and adjust files.
     (override_dh_installexamples): Fix target adjusting path to examples.
   * d/watch: Re-enable downloadurl- and filenamemangle. Increase version.



--- End Message ---
