Debian Bug report logs - #861511
mysql-connector-python: CVE-2017-3590


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 29 Apr 2017 20:33:01 UTC

Severity: important

Tags: security, upstream

Found in version mysql-connector-python/2.1.5-1

Fixed in version mysql-connector-python/2.1.6-1

Done: Sandro Tosi <morph@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sandro Tosi <morph@debian.org>:
Bug#861511; Package src:mysql-connector-python. (Sat, 29 Apr 2017 20:33:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sandro Tosi <morph@debian.org>. (Sat, 29 Apr 2017 20:33:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mysql-connector-python: CVE-2017-3590
Date: Sat, 29 Apr 2017 22:29:12 +0200
Source: mysql-connector-python
Version: 2.1.5-1
Severity: important
Tags: upstream security

Hi,

the following vulnerability was published for mysql-connector-python.

CVE-2017-3590[0]:
| Vulnerability in the MySQL Connectors component of Oracle MySQL
| (subcomponent: Connector/Python). Supported versions that are affected
| are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low
| privileged attacker with logon to the infrastructure where MySQL
| Connectors executes to compromise MySQL Connectors. Successful attacks
| of this vulnerability can result in unauthorized update, insert or
| delete access to some of MySQL Connectors accessible data. CVSS 3.0
| Base Score 3.3 (Integrity impacts). CVSS Vector:
| (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

According to the Oracle advisory fixed in 2.1.6.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-3590
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3590
[1] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) pending. Request was from Sandro Tosi <morph@debian.org> to control@bugs.debian.org. (Sat, 27 May 2017 23:33:03 GMT)


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#861511. (Sat, 27 May 2017 23:33:05 GMT)


Message #10 received at 861511-submitter@bugs.debian.org:

From: Sandro Tosi <morph@debian.org>
To: 861511-submitter@bugs.debian.org
Subject: Bug#861511 marked as pending
Date: Sat, 27 May 2017 23:30:02 +0000
tag 861511 pending
thanks

Hello,

Bug #861511 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    https://anonscm.debian.org/cgit/python-modules/packages/mysql-connector-python.git/commit/?id=32be56e

---
commit 32be56e2d920c626b574f003f163cce261b294c9
Author: Sandro Tosi <morph@debian.org>
Date:   Sun May 14 11:01:27 2017 -0400

    New upstream release

diff --git a/debian/changelog b/debian/changelog
index cf037e5..4b5cf60 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+mysql-connector-python (2.1.6-1) UNRELEASED; urgency=medium
+
+  * New upstream release
+    - fixes CVE-2017-3590; Closes: #861511
+
+ -- Sandro Tosi <morph@debian.org>  Sun, 14 May 2017 11:00:43 -0400
+
 mysql-connector-python (2.1.5-1) unstable; urgency=medium
 
   * New upstream release
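Review bot: the new 2.1.6-1 entry names the CVE, as the reporter asked, but "New upstream release / fixes CVE-2017-3590" gives no pointer to what in 2.1.6 actually closes it, so anyone auditing the orig tarball has to rediscover that from the Oracle advisory; consider extending the sub-bullet to something like "    - fixes CVE-2017-3590 (Oracle CPU April 2017, cpuapr2017-3236618); Closes: #861511". Also note the entry is committed as "UNRELEASED", which is fine for a pending commit but must be switched to "unstable" before upload (the accepted 2.1.6-1 .changes further down on this page does show unstable).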



Reply sent to Sandro Tosi <morph@debian.org>:
You have taken responsibility. (Sat, 27 May 2017 23:51:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 27 May 2017 23:51:03 GMT)


Message #15 received at 861511-close@bugs.debian.org:

From: Sandro Tosi <morph@debian.org>
To: 861511-close@bugs.debian.org
Subject: Bug#861511: fixed in mysql-connector-python 2.1.6-1
Date: Sat, 27 May 2017 23:48:41 +0000
Source: mysql-connector-python
Source-Version: 2.1.6-1

We believe that the bug you reported is fixed in the latest version of
mysql-connector-python, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861511@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sandro Tosi <morph@debian.org> (supplier of updated mysql-connector-python package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 May 2017 19:25:45 -0400
Source: mysql-connector-python
Binary: python-mysql.connector python3-mysql.connector
Architecture: source all
Version: 2.1.6-1
Distribution: unstable
Urgency: medium
Maintainer: Sandro Tosi <morph@debian.org>
Changed-By: Sandro Tosi <morph@debian.org>
Description:
 python-mysql.connector - pure Python implementation of MySQL Client/Server protocol
 python3-mysql.connector - pure Python implementation of MySQL Client/Server protocol (Pytho
Closes: 861511
Changes:
 mysql-connector-python (2.1.6-1) unstable; urgency=medium
 .
   * New upstream release
     - fixes CVE-2017-3590; Closes: #861511
   * debian/copyright
     - extend upstream copyright years
     - update packaging copyright years
Checksums-Sha1:
 44744e7269e8f8b10ecf683532d4ee2067928465 2326 mysql-connector-python_2.1.6-1.dsc
 77a49a709a8204863811e3eacb04f13c2be7caa0 11777023 mysql-connector-python_2.1.6.orig.tar.gz
 976442f0e2e8ee39f3ce659532c56c5aad9a14ce 4572 mysql-connector-python_2.1.6-1.debian.tar.xz
 601667444a5409c8aa9c75ec5b467ff94fa016a3 7423 mysql-connector-python_2.1.6-1_amd64.buildinfo
 c5ade5867160f53caf2db8266c022acdb8afc364 100384 python-mysql.connector_2.1.6-1_all.deb
 ff1069aa236a8013b842c1114f9c5dd958bc047e 100458 python3-mysql.connector_2.1.6-1_all.deb
Checksums-Sha256:
 174fc47cecfea7d2a8f51d83a0b494e636dc3505cfe5e1825ef9096b1eaeba6a 2326 mysql-connector-python_2.1.6-1.dsc
 d5f7e77bec937d50d2dc62c751e7470caa8d21fec9a3305856dd58705c62df99 11777023 mysql-connector-python_2.1.6.orig.tar.gz
 ce93928c18361f41465832c722a363f48309358a46251db6a886ca62adb5b751 4572 mysql-connector-python_2.1.6-1.debian.tar.xz
 183b9b353ece56b1a3dfa244ffe66a94ec6dd340e56dc239fe3f03b652067577 7423 mysql-connector-python_2.1.6-1_amd64.buildinfo
 aaeebac35d464a0c7eb4b6cb96d8250c5c213c109ea56077077cf650448aa9cf 100384 python-mysql.connector_2.1.6-1_all.deb
 f17c1184852c5bea24806843edc31f93276f47775adf0ae8c12c4edcd25c7dca 100458 python3-mysql.connector_2.1.6-1_all.deb
Files:
 769db32ca4fc8824d292f21e804c7796 2326 python optional mysql-connector-python_2.1.6-1.dsc
 32fddb04b0d2840303d92040c394504c 11777023 python optional mysql-connector-python_2.1.6.orig.tar.gz
 53f228ca3931ad92832c538a904f440a 4572 python optional mysql-connector-python_2.1.6-1.debian.tar.xz
 b4e6ea522e811eaf8ef9db48fd1b5243 7423 python optional mysql-connector-python_2.1.6-1_amd64.buildinfo
 440f88b1d3765eef97b2a11744a2e5d5 100384 python optional python-mysql.connector_2.1.6-1_all.deb
 573694125544bd33fc13eaaab5b063e3 100458 python optional python3-mysql.connector_2.1.6-1_all.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 27 Jun 2017 07:25:04 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:59:36 2019; Machine Name: buxtehude
