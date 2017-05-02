-----BEGIN PGP SIGNED MESSAGE-----

Debian Security Advisory DSA-3840-1 security@debian.org

https://www.debian.org/security/ Moritz Muehlenhoff

May 02, 2017 https://www.debian.org/security/faq

- -------------------------------------------------------------------------



Package : mysql-connector-java

CVE ID : CVE-2017-3523



Thijs Alkemade discovered that unexpected automatic deserialisation of

Java objects in the MySQL Connector/J JDBC driver may result in the

execution of arbitary code. For additional details, please refer to the

advisory at

https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt



For the stable distribution (jessie), this problem has been fixed in

version 5.1.41-1~deb8u1.



For the upcoming stable distribution (stretch), this problem has been

fixed in version 5.1.41-1.



For the unstable distribution (sid), this problem has been fixed in

version 5.1.41-1.



We recommend that you upgrade your mysql-connector-java packages.



