Control: tags -1 confirmed moreinfo Sandro Tosi: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Hello, > BTS 861511 was reported yesterday against mysql-connector-python stating the > new > upstream version (2.1.6) fixes CVE-2017-3590. > > The upstream versions diff (attached) is quite important, so i would > understand > if you decide not to accept a potential upload of this new version aiming for > an > unblock to strech, but i would still like you to have a look and decide on it. > > Thanks, > Sandro > > [...]
Ack, please go ahead and remove the moreinfo tag once the upload has been processed and has been built on all relevant release architectures. NOTE: the test suite contains certificates that expire in 2018. If that causes test failures, then that is an RC bug (as it would mean we would be unable to compile mysql-connector-python in stretch before its EOL). AFAICT, said problem would also exists in the current version (except the expiry reads 2017 instead). Please consider replacing the certificates with once that can survive stretch + stretch-lts's life-time. Thanks, ~Niels
