openSUSE-SU-2024:0351-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0351-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2024:0351-1
- Related
- Published
- 2024-11-06T17:13:19Z
- Modified
- 2024-11-06T17:13:19Z
- Summary
- Security update for python-mysql-connector-python
- Details
-
This update for python-mysql-connector-python fixes the following issues:
- Update to 9.1.0 (boo#1231740, CVE-2024-21272)
- WL#16452: Bundle all installable authentication plugins when building the C-extension
- WL#16444: Drop build support for DEB packages
- WL#16442: Upgrade gssapi version to 1.8.3
- WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors
- WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support
- WL#16307: Remove Python 3.8 support
- WL#16306: Add support for Python 3.13
- BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers
- BUG#37013057: mysql-connector-python Parameterized query SQL injection
- BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host
- BUG#36577957: Update charset/collation description indicate this is 16 bits
- 9.0.0:
- WL#16350: Update dnspython version
- WL#16318: Deprecate Cursors Prepared Raw and Named Tuple
- WL#16284: Update the Python Protobuf version
- WL#16283: Remove OpenTelemetry Bundled Installation
- BUG#36664998: Packets out of order error is raised while changing user in aio
- BUG#36611371: Update dnspython required versions to allow latest 2.6.1
- BUG#36570707: Collation set on connect using C-Extension is ignored
- BUG#36476195: Incorrect escaping in pure Python mode if sqlmode includes NOBACKSLASH_ESCAPES
- BUG#36289767: MySQLCursorBufferedRaw does not skip conversion
- 8.4.0
- WL#16203: GPL License Exception Update
- WL#16173: Update allowed cipher and cipher-suite lists
- WL#16164: Implement support for new vector data type
- WL#16127: Remove the FIDO authentication mechanism
- WL#16053: Support GSSAPI/Kerberos authentication on Windows using authenticationldapsasl_client plug-in for C-extension
- BUG#36227964: Improve OpenTelemetry span coverage
- BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection
- 8.3.0
- WL#16015: Remove use of removed COM_ commands
- WL#15985: Support GSSAPI/Kerberos authentication on Windows using authenticationldapsaslclient plug-in for Pure Python
- WL#15983: Stop using mysqlsslset api
- WL#15982: Remove use of mysqlshutdown
- WL#15950: Support query parameters for prepared statements
- WL#15942: Improve type hints and standardize byte type handling
- WL#15836: Split mysql and mysqlx into different packages
- WL#15523: Support Python DB API asynchronous execution
- BUG#35912790: Binary strings are converted when using prepared statements
- BUG#35832148: Fix Django timezone.utc deprecation warning
- BUG#35710145: Bad MySQLCursor.statement and result when query text contains code comments
- BUG#21390859: STATEMENTS GET OUT OF SYNCH WITH RESULT SETS
- Update to 9.1.0 (boo#1231740, CVE-2024-21272)
- References
Affected packages
SUSE:Package Hub 15 SP5 / python-mysql-connector-python
Package
- Name
- python-mysql-connector-python
- Purl
- pkg:rpm/suse/python-mysql-connector-python&distro=SUSE%20Package%20Hub%2015%20SP5