Hi, On Sun, May 07, 2017 at 07:41:00PM +0000, Niels Thykier wrote: > Control: tags -1 confirmed moreinfo > > Sandro Tosi: > > Package: release.debian.org > > Severity: normal > > User: release.debian....@packages.debian.org > > Usertags: unblock > > > > Hello, > > BTS 861511 was reported yesterday against mysql-connector-python stating > > the new > > upstream version (2.1.6) fixes CVE-2017-3590. > > > > The upstream versions diff (attached) is quite important, so i would > > understand > > if you decide not to accept a potential upload of this new version aiming > > for an > > unblock to strech, but i would still like you to have a look and decide on > > it. > > > > Thanks, > > Sandro > > > > [...] > > Ack, please go ahead and remove the moreinfo tag once the upload has > been processed and has been built on all relevant release architectures. > > NOTE: the test suite contains certificates that expire in 2018. If that > causes test failures, then that is an RC bug (as it would mean we would > be unable to compile mysql-connector-python in stretch before its EOL). > AFAICT, said problem would also exists in the current version (except > the expiry reads 2017 instead). > Please consider replacing the certificates with once that can survive > stretch + stretch-lts's life-time.
Sandro, any news on the upload? Regards, Salvatore