Summary: | dev-db/mycli: inadequate encryption of configuration | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | | |
Severity: | trivial | CC: | parona, proxy-maint |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://github.com/dbcli/mycli/issues/1131 | | |
Whiteboard: | ~4 [upstream] | | |
Package list: | | Runtime testing required: | --- |

Description
John Helmert III
Issue closed by author.

https://github.com/dbcli/mycli/issues/1131#issuecomment-1849023748

"""
This CVE does appear to be a false positive. I'd recommend that a project maintainer contact the CVE program to dispute this CVE.

Contact form: https://cveform.mitre.org/

Select a request type "Request an update to an existing CVE Entry."

Type of update requested: "Rejection"

Fill out CVE ID + Rationale

As @terjeros pointed out, MySQL uses AES ECB for this specific purpose, and this library is compatible with MySQL.

@gxx777 - I'd recommend contacting the MySQL server project to discuss the use of AES ECB by the MySQL Configuration Utility to determine if it should be considered a vulnerability!
"""

Thanks! Invalid for us then.