Oracle CPU for January 2023 lists MySQL connector CVEs: https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL This issue is actually in protobuf, which we haven't addressed (Bug 30906). If this package bundles protobuf, we should link it to the system one. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
That other bug 30906 is worth a look. It needs moving. Assigning this globally in the absence of a particular packager.
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=30906Assignee: bugsquad => pkg-bugs
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31432
In fact, the problem affected mysql-connector-java and is already fixed in mysql-connector-java-8.0.33-1.mga9.
Status: NEW => RESOLVEDSummary: mysql-connector-net new security issue CVE-2022-3171 => mysql-connector-java new security issue CVE-2022-3171Resolution: (none) => FIXEDVersion: Cauldron => 9CVE: (none) => CVE-2022-3171Source RPM: mysql-connector-net-6.9.9-2.mga9.src.rpm => mysql-connector-javaCC: (none) => nicolas.salguero