[Python-modules-team] Bug#951907: Suggested Stable Fix
Scott Kitterman
debian at kitterman.com
Thu Feb 27 11:24:09 GMT 2020
On Thursday, February 27, 2020 2:44:48 AM EST Salvatore Bonaccorso wrote:
> Hi Scott,
>
> On Sat, Feb 22, 2020 at 07:20:34PM -0500, Scott Kitterman wrote:
> > Debdiff for proposed stable security update attached.
> >
> > The first hunk of the patch has the actual fix. I would prefer to use the
> > new upstream release rather than just patch the one line because of the
> > test improvements, of the explanation of the issue in the upstream
> > changelog, and using the new upstream makes it clearer to external
> > reviewers we've done the fix. There are no unrelated changes.
>
> Okay let's fix this via a DSA.
> I checked the reverse dependencies and none seem to be particularly
> impacted, but given the primary use of the module is to sanitize input
> and is generic enough we should update.
>
> Can you set urgency=high for consistency, and add the now assigned CVE
> reference (I did contact Mozilla CNA for it, and they assigned one, it
> is CVE-2020-6802).
>
> Many thanks for your work and apologies for the long delay.
Thanks. No worries about the delay. I imagine this isn't the most severe
issue you are dealing with this week.
I've dput the package to security-master, modified as above.
Scott K