Oracle CPU for January 2023 lists MySQL connector CVEs: https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL This issue is actually in protobuf, which we haven't addressed (Bug 30906). If this package bundles protobuf, we should link it to the system one. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Assigning to python stack maintainers, but this bug is a clone of bug 31431. See also bug 30906.
Assignee: bugsquad => pythonSee Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=31431, https://bugs.mageia.org/show_bug.cgi?id=30906
It's not a clone. Different CVE, different package.
This package is noarch. It requires python3-protobuf which is provided by protobuf source. CVE-2022-1941 report cites python-protobuf as being affected but not mysql-connector-python Thus I don't think that this package is affected.
CC: (none) => yves.brungard_mageia
I'll buy that.
Resolution: (none) => INVALIDStatus: NEW => RESOLVED