Hi Security Team, On 07/06/2020 09:44, Moritz Mühlenhoff wrote: > On Fri, Jun 05, 2020 at 02:27:50PM +0200, Sylvain Beucler wrote: >> On 05/06/2020 09:23, Sylvain Beucler wrote: >> I finished testing and I prepared the upload accordingly: >> >> https://www.beuc.net/tmp/debian-lts/mysql-connector-java/mysql-connector-java_5.1.49-0+deb9u1_amd64.changes >> >> https://www.beuc.net/tmp/debian-lts/mysql-connector-java/debdiff-stretch.txt >> >> Version scheme is changed, suite is stretch-security, and I made a minor >> change to debian/watch to track 5.x (not 8.x). >> >> Do you approve for upload? > > Thanks, please upload to security-master! (And note to build with -sa > as the 5.1.49 tarball isn't present on security-master yet).
I'm not entirely familiar with the process here, the upload is in "embargoed", and I suspect it needs validation. Then it will make the new tarball available and I'll be able to make the LTS/jessie upload. Do you plan to send a DSA? I prepared the following text: Several issues were discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, that allow attackers to update, insert or delete access to some of MySQL Connectors accessible data, unauthorized read access to a subset of the data, and partial denial of service. Cheers! Sylvain
