Your message dated Mon, 17 Mar 2025 10:50:33 +0000
with message-id <e1tu83f-00fetx...@fasolo.debian.org>
and subject line Bug#1093881: fixed in mysql-connector-python 9.2.0-1
has caused the Debian Bug report #1093881,
regarding mysql-connector-python: CVE-2025-21548
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1093881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mysql-connector-python
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for mysql-connector-python.
CVE-2025-21548[0]:
| Vulnerability in the MySQL Connectors product of Oracle MySQL
| (component: Connector/Python). Supported versions that are affected
| are 9.1.0 and prior. Easily exploitable vulnerability allows high
| privileged attacker with network access via multiple protocols to
| compromise MySQL Connectors. Successful attacks require human
| interaction from a person other than the attacker. Successful
| attacks of this vulnerability can result in unauthorized creation,
| deletion or modification access to critical data or all MySQL
| Connectors accessible data as well as unauthorized read access to a
| subset of MySQL Connectors accessible data and unauthorized ability
| to cause a hang or frequently repeatable crash (complete DOS) of
| MySQL Connectors. CVSS 3.1 Base Score 6.4 (Confidentiality,
| Integrity and Availability impacts). CVSS Vector:
| (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-21548
https://www.cve.org/CVERecord?id=CVE-2025-21548
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: mysql-connector-python
Source-Version: 9.2.0-1
Done: Colin Watson <cjwat...@debian.org>
We believe that the bug you reported is fixed in the latest version of
mysql-connector-python, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1093...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated mysql-connector-python
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 17 Mar 2025 10:35:30 +0000
Source: mysql-connector-python
Architecture: source
Version: 9.2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Closes: 1093881
Changes:
mysql-connector-python (9.2.0-1) unstable; urgency=medium
.
* Team upload.
* New upstream release:
- CVE-2025-21548 (closes: #1093881).
Checksums-Sha1:
fe1be1e78d44b2cc5bfc829be6662c412a0f8f36 2314
mysql-connector-python_9.2.0-1.dsc
0460f5ceecfcbc924bb7995bc0fe2a7edb8c0c21 16929117
mysql-connector-python_9.2.0.orig.tar.gz
4ca7db4f7bb49cf2889f7a988f28b11b645cd6a5 5788
mysql-connector-python_9.2.0-1.debian.tar.xz
Checksums-Sha256:
bc32c03d9c73f9ee2c6226d42b12ac6ca5185c191cf5ee9a07ee856706fe485a 2314
mysql-connector-python_9.2.0-1.dsc
0805afa34eccb90cdb114cadf522550ccaa0be1cfdc148875aacfcca4822cb79 16929117
mysql-connector-python_9.2.0.orig.tar.gz
3282d328baa5dfcfde35643a4bd820d014e453d87ad260b5919655558393fc9c 5788
mysql-connector-python_9.2.0-1.debian.tar.xz
Files:
27f3f391eb4bbca8742e88e155c22b19 2314 python optional
mysql-connector-python_9.2.0-1.dsc
608a884c2b8290f429276afe3c6113e9 16929117 python optional
mysql-connector-python_9.2.0.orig.tar.gz
700b2300c68a6272d55115d248cea54f 5788 python optional
mysql-connector-python_9.2.0-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmfX+6MACgkQOTWH2X2G
UAsLRw//a5RNZ2h8w7Hv4lPpVkOs3D5Dw25CHtmnLLLTiaIJnzqfUCdvq9QhbAy7
GapB5UKsxTrGuZhFWjw5X6+b9+NbydkA2c5TltqU5yDrK9gL/qaVuYuCCrQZKh60
nQLxt3fv6FJBi4Ev9f9zDUofq4k2uN97JZ8WNXkqG4eYc/lJWbkIdVboibNfd6oe
Vv+xetAKnJFyTAucjlzoF+53SK93NOnTAnqEl9mSzWH7mQjR2yFX0zFG7JdxewZL
FI5nK/ZWlrZd4e8/fq2F/BoSbOLSSml2PU99ux89vGCs1+iDDQNrp/Ew9IeESlIP
/V5Tdga+J35oZfTi3B5de/hrQ6niD0tKVcY+x9OcCL0LpoFs6u/9m/4mrxdy0Y4K
qWio2TTiS4UzIupJ81BISqqhXcHjnKF21xtZDJYT9MaetsPv4LgyPmLpiDYiTrUS
bcyZLZ3/zU42cY79PmbKwceoPfQzyIcHFXKDVXQybPsh+3OTcgghbIxzueQYMrj5
X1wXZfTMDb8Tu/d8sXUniLv6lQIw6pOWj/aHwMR6iFTsGsefJMAH7JASQpUoTzwv
bQepsSnvP2suiMjcCBVsE+kX317VceqO7H9emMrLbHoCCaCRCuyaeH/uYuxAO8O1
6iN+4S1scD1tYvR0PPXtMwi9WwKKxlox4yUmI69qM0uDUHJK014=
=oNuF
-----END PGP SIGNATURE-----
pgpIV1UrcihiG.pgp
Description: PGP signature
--- End Message ---
