CVE-2017-3590 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3590): Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
@Maintainers current version 2.1.7 should be fixed. Please let us know when tree is clean from vulnerable versions. Thank you.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03d1b50bd3cd36192cc5b23c16a12c47070948fa

commit 03d1b50bd3cd36192cc5b23c16a12c47070948fa
Author:     Virgil Dupras <vdupras@gentoo.org>
AuthorDate: 2018-07-16 13:34:27 +0000
Commit:     Virgil Dupras <vdupras@gentoo.org>
CommitDate: 2018-07-16 13:43:18 +0000

    dev-python/mysql-connector-python: remove vulnerable version

    Bug: https://bugs.gentoo.org/635616
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-python/mysql-connector-python/Manifest                       |  1 -
 .../mysql-connector-python-2.1.4.ebuild                          | 37 ----------------------
 2 files changed, 38 deletions(-)
The only remaining version, 2.14, has been removed from the tree. The package has no stable ebuild yet so I don't think there's anything left to do.