Date: Wed, 1 Oct 2025 09:44:38 GMT From: Muhammad Moinur Rahman <bofh@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 810b7de4a97e - main - security/vuxml: Add entry for py-mysql-connector-python Message-ID: <202510010944.5919icxH034755@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by bofh: URL: https://cgit.FreeBSD.org/ports/commit/?id=810b7de4a97eabe84831064a04d78e5b2db57b40 commit 810b7de4a97eabe84831064a04d78e5b2db57b40 Author: Muhammad Moinur Rahman <bofh@FreeBSD.org> AuthorDate: 2025-10-01 09:43:34 +0000 Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org> CommitDate: 2025-10-01 09:44:24 +0000 security/vuxml: Add entry for py-mysql-connector-python PR: 289934 Reported by: patrik@hildingsson.se --- security/vuxml/vuln/2025.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 867eb00f1ccc..3a34965f0df5 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,44 @@ + <vuln vid="cb570d6f-9ea9-11f0-9446-f02f7497ecda"> + <topic>py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL</topic> + <affects> + <package> + <name>py39-mysql-connector-python</name> + <name>py310-mysql-connector-python</name> + <name>py311-mysql-connector-python</name> + <name>py312-mysql-connector-python</name> + <range><lt>9.2.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Oracle reports:</p> + <blockquote cite="https://www.oracle.com/security-alerts/cpujan2025.html">; + <p>Vulnerability in the MySQL Connectors product of Oracle MySQL + (component: Connector/Python). Supported versions that are affected are + 9.1.0 and prior. Easily exploitable vulnerability allows high privileged + attacker with network access via multiple protocols to compromise MySQL + Connectors. Successful attacks require human interaction from a person + other than the attacker. Successful attacks of this vulnerability can + result in unauthorized creation, deletion or modification access to + critical data or all MySQL Connectors accessible data as well as + unauthorized read access to a subset of MySQL Connectors accessible data + and unauthorized ability to cause a hang or frequently repeatable crash + (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.4 + (Confidentiality, Integrity and Availability impacts). CVSS Vector: + (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-21548</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-21548</url>; + </references> + <dates> + <discovery>2025-01-21</discovery> + <entry>2025-10-01</entry> + </dates> + </vuln> + <vuln vid="00e912c5-9e92-11f0-bc5f-8447094a420f"> <topic>OpenSSL -- multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202510010944.5919icxH034755>