Bug 31431 - mysql-connector-java new security issue CVE-2022-3171
Summary: mysql-connector-java new security issue CVE-2022-3171
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA8TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-18 19:58 CET by David Walser
Modified: 2024-03-13 10:46 CET (History)
1 user (show)

See Also:
Source RPM: mysql-connector-java
CVE: CVE-2022-3171
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-01-18 19:58:24 CET 
Oracle CPU for January 2023 lists MySQL connector CVEs:
https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL

This issue is actually in protobuf, which we haven't addressed (Bug 30906).

If this package bundles protobuf, we should link it to the system one.

Mageia 8 is also affected.
David Walser 2023-01-18 19:58:38 CET

Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-01-18 21:22:45 CET 
That other bug 30906 is worth a look. It needs moving.

Assigning this globally in the absence of a particular packager.

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=30906
Assignee: bugsquad => pkg-bugs

Lewis Smith 2023-01-18 21:34:34 CET

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31432

Comment 2 Nicolas Salguero 2024-03-13 10:46:01 CET 
In fact, the problem affected mysql-connector-java and is already fixed in mysql-connector-java-8.0.33-1.mga9.

Status: NEW => RESOLVED
Summary: mysql-connector-net new security issue CVE-2022-3171 => mysql-connector-java new security issue CVE-2022-3171
Resolution: (none) => FIXED
Version: Cauldron => 9
CVE: (none) => CVE-2022-3171
Source RPM: mysql-connector-net-6.9.9-2.mga9.src.rpm => mysql-connector-java
CC: (none) => nicolas.salguero
Note You need to log in before you can comment on or make changes to this bug.