{"affected":[{"ecosystem_specific":{"binaries":[{"python3-mysql-connector-python":"9.1.0-bp155.3.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"python-mysql-connector-python","purl":"pkg:rpm/suse/python-mysql-connector-python&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.1.0-bp155.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-mysql-connector-python":"9.1.0-bp155.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"python-mysql-connector-python","purl":"pkg:rpm/opensuse/python-mysql-connector-python&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.1.0-bp155.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-mysql-connector-python fixes the following issues:\n\n- Update to 9.1.0 (boo#1231740, CVE-2024-21272)\n  - WL#16452: Bundle all installable authentication plugins when building the C-extension\n  - WL#16444: Drop build support for DEB packages\n  - WL#16442: Upgrade gssapi version to 1.8.3\n  - WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors\n  - WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support\n  - WL#16307: Remove Python 3.8 support\n  - WL#16306: Add support for Python 3.13\n  - BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers\n  - BUG#37013057: mysql-connector-python Parameterized query SQL injection\n  - BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host\n  - BUG#36577957: Update charset/collation description indicate this is 16 bits\n- 9.0.0:\n  - WL#16350: Update dnspython version\n  - WL#16318: Deprecate Cursors Prepared Raw and Named Tuple\n  - WL#16284: Update the Python Protobuf version\n  - WL#16283: Remove OpenTelemetry Bundled Installation\n  - BUG#36664998: Packets out of order error is raised while changing user in aio\n  - BUG#36611371: Update dnspython required versions to allow latest 2.6.1\n  - BUG#36570707: Collation set on connect using C-Extension is ignored\n  - BUG#36476195: Incorrect escaping in pure Python mode if sql_mode includes NO_BACKSLASH_ESCAPES\n  - BUG#36289767: MySQLCursorBufferedRaw does not skip conversion\n- 8.4.0\n  - WL#16203: GPL License Exception Update\n  - WL#16173: Update allowed cipher and cipher-suite lists\n  - WL#16164: Implement support for new vector data type\n  - WL#16127: Remove the FIDO authentication mechanism\n  - WL#16053: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for C-extension\n  - BUG#36227964: Improve OpenTelemetry span coverage\n  - BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection\n- 8.3.0\n  - WL#16015: Remove use of removed COM_ commands\n  - WL#15985: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for Pure Python\n  - WL#15983: Stop using mysql_ssl_set api\n  - WL#15982: Remove use of mysql_shutdown\n  - WL#15950: Support query parameters for prepared statements\n  - WL#15942: Improve type hints and standardize byte type handling\n  - WL#15836: Split mysql and mysqlx into different packages\n  - WL#15523: Support Python DB API asynchronous execution\n  - BUG#35912790: Binary strings are converted when using prepared statements\n  - BUG#35832148: Fix Django timezone.utc deprecation warning\n  - BUG#35710145: Bad MySQLCursor.statement and result when query text contains code comments\n  - BUG#21390859: STATEMENTS GET OUT OF SYNCH WITH RESULT SETS\n","id":"openSUSE-SU-2024:0351-1","modified":"2024-11-06T17:13:19Z","published":"2024-11-06T17:13:19Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A4QYWY7IAP4RFAA3R6QMK3Q6FFAY4UOZ/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231740"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21272"}],"related":["CVE-2024-21272"],"summary":"Security update for python-mysql-connector-python","upstream":["CVE-2024-21272"]}