| Summary: | dev-db/mycli: inadequate encryption of configuration | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | trivial | CC: | parona, proxy-maint |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/dbcli/mycli/issues/1131 | ||
| Whiteboard: | ~4 [upstream] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2023-11-24 20:57:53 UTC
Issue closed by author. https://github.com/dbcli/mycli/issues/1131#issuecomment-1849023748 """ This CVE does appear to be a false positive. I'd recommend that a project maintainer contact the CVE program to dispute this CVE. Contact form: https://cveform.mitre.org/ Select a request type "Request an update to an existing CVE Entry." Type of update requested: "Rejection" Fill out CVE ID + Rationale As @terjeros pointed out, MySQL uses AES ECB for this specific purpose, and this library is compatible with MySQL. @gxx777 - I'd recommend contacting the MySQL server project to discuss the use of AES ECB by the MySQL Configuration Utility to determine if it should be considered a vulnerability! """ Thanks! Invalid for us then. |