HI Robie, On Wed, May 04, 2022 at 01:51:26PM +0100, Robie Basak wrote: > [adding [email protected] since I think this is > mistriaged in Debian's security tracker] > > On Wed, May 04, 2022 at 10:27:42AM +0000, Cyrille Bollu wrote: > > The vulnerability report that I've received relates to CVE-2022-21363 which > > is purportedly fixed in mysql 8.0.29. > > I think (but am not sure and have not taken any steps to verify) that > this might be in the source package named mysql-connector-java, not the > source package named mysql-8.0. Ubuntu seems to think so: > > https://ubuntu.com/security/cve-2022-21363 > > But Debian has listed this against mysql-8.0, which I'm not sure is > right: > > https://security-tracker.debian.org/tracker/CVE-2022-21363
Thanks for spotting, I have fixed the tracking in the security-tracker. Regards, Salvatore
