[Git][security-tracker-team/security-tracker][master] Reserve DLA-4062-1 for python-werkzeug

Chris Lamb (@lamby) lamby at debian.org
Fri Feb 21 12:48:26 GMT 2025 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6759034b by Chris Lamb at 2025-02-21T12:48:00+00:00
Reserve DLA-4062-1 for python-werkzeug

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -81080,7 +81080,6 @@ CVE-2024-34078 (html-sanitizer is an allowlist-based HTML cleaner. If using `kee
 CVE-2024-34069 (Werkzeug is a comprehensive WSGI web application library. The debugger ...)
 	- python-werkzeug 3.0.3-1 (bug #1070711)
 	[bookworm] - python-werkzeug 2.2.2-3+deb12u1
-	[bullseye] - python-werkzeug <postponed> (Minor issue)
 	[buster] - python-werkzeug <postponed> (Minor issue)
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-2g68-c3qc-8985
 	NOTE: Fixed by: https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967 (3.0.3)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Feb 2025] DLA-4062-1 python-werkzeug - security update
+	{CVE-2024-34069}
+	[bullseye] - python-werkzeug 1.0.1+dfsg1-2+deb11u2
 [21 Feb 2025] DLA-4061-1 libtasn1-6 - security update
 	{CVE-2024-12133}
 	[bullseye] - libtasn1-6 4.16.0-2+deb11u2


=====================================
data/dla-needed.txt
=====================================
@@ -228,11 +228,6 @@ phpmyadmin (Chris Lamb)
   NOTE: 20250209: Added by Front-Desk (apo)
   NOTE: 20250219: Packaged prepared on salsa. (lamby)
 --
-python-werkzeug (Chris Lamb)
-  NOTE: 20250209: Added by Front-Desk (apo)
-  NOTE: 20250209: CVE-2024-34069 was already fixed in bookworm. (apo)
-  NOTE: 20250218: Requested review. (lamby)
---
 qemu
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Follow fixes from bookworm 12.4 (CVE-2023-5088)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6759034bdcbc9e59c52eeb01da29279f2e8c99c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6759034bdcbc9e59c52eeb01da29279f2e8c99c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250221/68735e4b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list