A mysql-connector-java security update has been released for Debian GNU/Linux 8 LTS to address several issues that allow attackers to update, insert or delete access to some of MySQL Connectors accessible data, unauthorized read access to a subset of the data, and partial denial of service.

DLA 2245-1: mysql-connector-java security update

Package : mysql-connector-java
Version : 5.1.49-0+deb8u1
CVE ID : CVE-2020-2875 CVE-2020-2933 CVE-2020-2934

Several issues were discovered in mysql-connector-java, a Java database
(JDBC) driver for MySQL, that allow attackers to update, insert or
delete access to some of MySQL Connectors accessible data, unauthorized
read access to a subset of the data, and partial denial of service.

For Debian 8 "Jessie", these problems have been fixed in version
5.1.49-0+deb8u1.

We recommend that you upgrade your mysql-connector-java packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS