[Python-modules-team] Update for SQLAlchemy to address CVE-2019-7164 CVE-2019-7548

Thomas Goirand zigo at debian.org
Fri May 31 00:34:33 BST 2019

Dear package maintainer,

We're about to upgrade SQLAlchemy in Buster to address an SQL injection
issue. The fixed package is in unstable, under the version 1.2.18+ds1-2.

In some rare cases, this update may break reverse depenencies, leading
to non-working SQL queries.

This is why I'm writing this email to you today: to ask you to please
test your application with SQLAlchemy 1.2.18+ds1-2 ASAP, to address any
potential unforecast issue before the Buster release.

Details about the discussion can be seen here in the Debian bug #929321.

Best regards,

Thomas Goirand (zigo)

More information about the Python-modules-team mailing list