{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0255",
  "published": "2015-07-05T17:22:03Z",
  "modified": "2015-07-09T07:56:53Z",
  "summary": "Updated mysql-connector-java package fixes security vulnerability",
  "details": "Difficult to exploit vulnerability allows successful authenticated network\nattacks via multiple protocols. Successful attack of this vulnerability\ncan result in unauthorized update, insert or delete access to some MySQL\nConnectors accessible data as well as read access to a subset of MySQL\nConnectors accessible data (CVE-2015-2575).\n\nThe mysql-connector-java package has been updated to version 5.1.35 to fix\nthis issue and several other bugs\n",
  "upstream": [
    "CVE-2015-2575"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0255.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=16070"
    },
    {
      "type": "WEB",
      "url": "http://dev.mysql.com/doc/relnotes/connector-j/en/news-5-1.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "mysql-connector-java",
        "purl": "pkg:rpm/mageia/mysql-connector-java?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.1.35-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}