[Git][security-tracker-team/security-tracker][master] Reserve DLA-1718-1 for sqlalchemy

Mon Mar 18 13:17:03 GMT 2019

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c625032d by Sylvain Beucler at 2019-03-18T13:16:50Z
Reserve DLA-1718-1 for sqlalchemy

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Mar 2019] DLA-1718-1 sqlalchemy - security update
+	{CVE-2019-7164 CVE-2019-7548}
+	[jessie] - sqlalchemy 0.9.8+dfsg-0.1+deb8u1
 [18 Mar 2019] DLA-1717-1 rdflib - security update
 	{CVE-2019-7653}
 	[jessie] - rdflib 4.1.2-3+deb8u1


=====================================
data/dla-needed.txt
=====================================
@@ -111,21 +111,6 @@ sox
   NOTE: 20190305: CVE-2019-835{4,5,6,7} no upstream patch yet, might take some time.
   NOTE: Check again later. - hle
 --
-sqlalchemy
-  NOTE: 20190226: Patch is quite invasive. (lamby)
-  NOTE: 20190311: Patch requires prior work which would also need to be backported (Beuc)
-  NOTE: 20190311:   Manual backport breaks testsuite even with fewer tests than 1.3
-  NOTE: 20190311:     (50+ errors - ask me if you need it)
-  NOTE: 20190311:   1.2 official backport currently cancelled, fix caused issues in 1.3 already
-  NOTE: 20190311:     https://github.com/sqlalchemy/sqlalchemy/issues/4510
-  NOTE: 20190311:   Maintainer is at RedHat, RHEL 7 has 0.9.8 like us, but no updates yet
-  NOTE: 20190311:     https://access.redhat.com/security/cve/cve-2019-7164
-  NOTE: 20190311:     https://bugzilla.redhat.com/show_bug.cgi?id=1674059
-  NOTE: 20190311:     (current status: rare use case + doesn't seem to directly affect openstack => low priority)
-  NOTE: 20190312: New 0.9.x patch that doesn't seem to work yet
-  NOTE: 20190312:   https://gerrit.sqlalchemy.org/#/c/sqlalchemy/sqlalchemy/+/1165/
-  NOTE: 20190312:   https://github.com/sqlalchemy/sqlalchemy/issues/4481
---
 wireshark (Thorsten Alteholz)
   NOTE: 20190317: testing package
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c625032da97d3ee0866649b2d5aa8c1f375a3dc9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c625032da97d3ee0866649b2d5aa8c1f375a3dc9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190318/195535ce/attachment-0001.html>
