[Git][security-tracker-team/security-tracker][master] dla: sqlalchemy: waiting upstream feedback

Sylvain Beucler beuc at debian.org
Mon Mar 11 21:12:13 GMT 2019 

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
334b3296 by Sylvain Beucler at 2019-03-11T21:11:32Z
dla: sqlalchemy: waiting upstream feedback

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -93,8 +93,18 @@ sox
   NOTE: 20190305: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time.
   NOTE: Check again later. - hle
 --
-sqlalchemy (Sylvain Beucler)
+sqlalchemy
   NOTE: 20190226: Patch is quite invasive. (lamby)
+  NOTE: 20190311: Patch requires prior work which would also need to be backported (Beuc)
+  NOTE: 20190311:   Manual backport breaks testsuite even with fewer tests than 1.3
+  NOTE: 20190311:     (50+ errors - ask me if you need it)
+  NOTE: 20190311:   1.2 official backport currently cancelled, fix caused issues in 1.3 already
+  NOTE: 20190311:     https://github.com/sqlalchemy/sqlalchemy/issues/4510
+  NOTE: 20190311:   Maintainer is at RedHat, RHEL 7 has 0.9.8 like us, but no updates
+  NOTE: 20190311:     https://access.redhat.com/security/cve/cve-2019-7164
+  NOTE: 20190311:     https://bugzilla.redhat.com/show_bug.cgi?id=1674059
+  NOTE: 20190311:     (current status: rare use case + doesn't seem to directly affect openstack => low priority)
+  NOTE: 20190311:   Asked at https://github.com/sqlalchemy/sqlalchemy/issues/4481 about status, waiting for now
 --
 sssd (Hugo Lefeuvre)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/334b329657bcefc4334b589536bd66b20a5edcb3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/334b329657bcefc4334b589536bd66b20a5edcb3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190311/17f91c1c/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list