{"affected":[{"ecosystem_specific":{"binaries":[{"python2-mysql-connector-python":"8.0.19-bp151.4.3.1","python3-mysql-connector-python":"8.0.19-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"python-mysql-connector-python","purl":"pkg:rpm/suse/python-mysql-connector-python&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.19-bp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-mysql-connector-python fixes the following issues:\n\npython-mysql-connector-python was updated to 8.0.19 (boo#1122204 - CVE-2019-2435):\n\n- WL#13531: Remove xplugin namespace\n- WL#13372: DNS SRV support\n- WL#12738: Specify TLS ciphers to be used by a client or session\n- BUG#30270760: Fix reserved filed should have a length of 22\n- BUG#29417117: Close file in handle load data infile\n- WL#13330: Single C/Python (Win) MSI installer\n- WL#13335: Connectors should handle expired password sandbox without SET operations\n- WL#13194: Add support for Python 3.8\n- BUG#29909157: Table scans of floats causes memory leak with the C extension\n- BUG#25349794: Add read_default_file alias for option_files in connect()\n- WL#13155: Support new utf8mb4 bin collation\n- WL#12737: Add overlaps and not_overlaps as operator\n- WL#12735: Add README.rst and CONTRIBUTING.rst files\n- WL#12227: Indexing array fields\n- WL#12085: Support cursor prepared statements with C extension\n- BUG#29855733: Fix error during connection using charset and collation combination\n- BUG#29833590: Calling execute() should fetch active results\n- BUG#21072758: Support for connection attributes classic\n- WL#12864: Upgrade of Protobuf version to 3.6.1\n- WL#12863: Drop support for Django versions older than 1.11\n- WL#12489: Support new session reset functionality\n- WL#12488: Support for session-connect-attributes\n- WL#12297: Expose metadata about the source and binaries\n- WL#12225: Prepared statement support\n- BUG#29324966: Add missing username connection argument for driver compatibility\n- BUG#29278489: Fix wrong user and group for Solaris packages\n- BUG#29001628: Fix access by column label in Table.select()\n- BUG#28479054: Fix Python interpreter crash due to memory corruption\n- BUG#27897881: Empty LONG BLOB throws an IndexError\n- BUG#29260128: Disable load data local infile by default\n- WL#12607: Handling of Default Schema\n- WL#12493: Standardize count method\n- WL#12492: Be prepared for initial notice on connection\n- BUG#28646344: Remove expression parsing on values\n- BUG#28280321: Fix segmentation fault when using unicode characters in tables\n- BUG#27794178: Using use_pure=False should raise an error if cext is not available\n- BUG#27434751: Add a TLS/SSL option to verify server name\n- WL#12239: Add support for Python 3.7\n- WL#12226: Implement connect timeout\n- WL#11897: Implement connection pooling for xprotocol\n- BUG#28278352: C extension mysqlx Collection.add() leaks memory in sequential calls\n- BUG#28037275: Missing bind parameters causes segfault or unclear error message\n- BUG#27528819: Support special characters in the user and password using URI\n- WL#11951: Consolidate discrepancies between pure and c extension\n- WL#11932: Remove Fabric support\n- WL#11898: Core API v1 alignment\n- BUG#28188883: Use utf8mb4 as the default character set\n- BUG#28133321: Fix incorrect columns names representing aggregate functions\n- BUG#27962293: Fix Django 2.0 and MySQL 8.0 compatibility issues\n- BUG#27567999: Fix wrong docstring in ModifyStatement.patch()\n- BUG#27277937: Fix confusing error message when using an unsupported collation\n- BUG#26834200: Deprecate Row.get_string() method\n- BUG#26660624: Fix missing install option in documentation\n- WL#11668: Add SHA256_MEMORY authentication mechanism\n- WL#11614: Enable C extension by default\n- WL#11448: New document _id generation support\n- WL#11282: Support new locking modes NOWAIT and SKIP LOCKED\n- BUG#27639119: Use a list of dictionaries to store warnings\n- BUG#27634885: Update error codes for MySQL 8.0.11\n- BUG#27589450: Remove upsert functionality from WriteStatement class\n- BUG#27528842: Fix internal queries open for SQL injection\n- BUG#27364914: Cursor prepared statements do not convert strings\n- BUG#24953913: Fix failing unittests\n- BUG#24948205: Results from JSON_TYPE() are returned as bytearray\n- BUG#24948186: JSON type results are bytearray instead of corresponding python type\n- WL#11372: Remove configuration API\n- WL#11303: Remove CreateTable and CreateView\n- WL#11281: Transaction savepoints\n- WL#11278: Collection.create_index\n- WL#11149: Create Pylint test for mysqlx\n- WL#11142: Modify/MergePatch\n- WL#11079: Add support for Python 3.6\n- WL#11073: Add caching_sha2_password authentication plugin\n- WL#10975: Add Single document operations\n- WL#10974: Add Row locking methods to find and select operations\n- WL#10973: Allow JSON types as operands for IN operator\n- WL#10899: Add support for pure Python implementation of Protobuf\n- WL#10771: Add SHA256 authentication\n- WL#10053: Configuration handling interface\n- WL#10772: Cleanup Drop APIs\n- WL#10770: Ensure all Session connections are secure by default\n- WL#10754: Forbid modify() and remove() with no condition\n- WL#10659: Support utf8mb4 as default charset\n- WL#10658: Remove concept of NodeSession\n- WL#10657: Move version number to 8.0\n- WL#10198: Add Protobuf C++ extension implementation\n- WL#10004: Document UUID generation\n- BUG#26175003: Fix Session.sql() when using unicode SQL statements with Python 2.7\n- BUG#26161838: Dropping an non-existing index should succeed silently\n- BUG#26160876: Fix issue when using empty condition in Collection.remove() and Table.delete()\n- BUG#26029811: Improve error thrown when using an invalid parameter in bind()\n- BUG#25991574: Fix Collection.remove() and Table.delete() missing filters\n- WL#10452: Add Protobuf C++ extension for Linux variants and Mac OSX\n- WL#10081: DevAPI: IPv6 support\n- BUG#25614860: Fix defined_as method in the view creation\n- BUG#25519251: SelectStatement does not implement order_by() method\n- BUG#25436568: Update available operators for XPlugin\n- BUG#24954006: Add missing items in CHANGES.txt\n- BUG#24578507: Fix import error using Python 2.6\n- BUG#23636962: Fix improper error message when creating a Session\n- BUG#23568207: Fix default aliases for projection fields\n- BUG#23567724: Fix operator names\n- DevAPI: Schema.create_table\n- DevAPI: Flexible Parameter Lists\n- DevAPI: New transports: Unix domain socket\n- DevAPI: Core TLS/SSL options for the mysqlx URI scheme\n- DevAPI: View DDL with support for partitioning in a cluster / sharding\n- BUG#24520850: Fix unexpected behavior when using an empty collection name\n- Add support for Protocol Buffers 3\n- Add View support (without DDL)\n- Implement get_default_schema() method in BaseSchema\n- DevAPI: Per ReplicaSet SQL execution\n- DevAPI: XSession accepts a list of routers\n- DevAPI: Define action on adding empty list of documents\n- BUG#23729357: Fix fetching BIT datatype\n- BUG#23583381: Add who_am_i and am_i_real methods to DatabaseObject\n- BUG#23568257: Add fetch_one method to mysqlx.result\n- BUG#23550743: Add close method to XSession and NodeSession\n- BUG#23550057: Add support for URI as connection data\n- Provide initial implementation of new DevAPI\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.","id":"openSUSE-SU-2020:0430-1","modified":"2020-03-31T13:08:06Z","published":"2020-03-31T13:08:06Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4BTZEAGRVVQSZKISXELKWD2G6WKZMR2L/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1122204"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-2435"}],"related":["CVE-2019-2435"],"summary":"Security update for python-mysql-connector-python","upstream":["CVE-2019-2435"]}