[Python-modules-team] Update for SQLAlchemy to address CVE-2019-7164 CVE-2019-7548
zigo at debian.org
Fri May 31 00:34:33 BST 2019
Dear package maintainer,
We're about to upgrade SQLAlchemy in Buster to address an SQL injection
issue. The fixed package is in unstable, under the version 1.2.18+ds1-2.
In some rare cases, this update may break reverse depenencies, leading
to non-working SQL queries.
This is why I'm writing this email to you today: to ask you to please
test your application with SQLAlchemy 1.2.18+ds1-2 ASAP, to address any
potential unforecast issue before the Buster release.
Details about the discussion can be seen here in the Debian bug #929321.
Thomas Goirand (zigo)
More information about the Python-modules-team