Bug#861580: (pre-approval) unblock: mysql-connector-python/2.1.6
Hi,
On Sun, May 07, 2017 at 07:41:00PM +0000, Niels Thykier wrote:
> Control: tags -1 confirmed moreinfo
>
> Sandro Tosi:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> >
> > Hello,
> > BTS 861511 was reported yesterday against mysql-connector-python stating the new
> > upstream version (2.1.6) fixes CVE-2017-3590.
> >
> > The upstream versions diff (attached) is quite important, so i would understand
> > if you decide not to accept a potential upload of this new version aiming for an
> > unblock to strech, but i would still like you to have a look and decide on it.
> >
> > Thanks,
> > Sandro
> >
> > [...]
>
> Ack, please go ahead and remove the moreinfo tag once the upload has
> been processed and has been built on all relevant release architectures.
>
> NOTE: the test suite contains certificates that expire in 2018. If that
> causes test failures, then that is an RC bug (as it would mean we would
> be unable to compile mysql-connector-python in stretch before its EOL).
> AFAICT, said problem would also exists in the current version (except
> the expiry reads 2017 instead).
> Please consider replacing the certificates with once that can survive
> stretch + stretch-lts's life-time.
Sandro, any news on the upload?
Regards,
Salvatore
Reply to: