[Python-modules-team] Bug#970567: pyzmq: TestAsyncioAuthentication::test_blacklist hanging after CVE-2020-15166 bugfix for zeromq3
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 18 20:37:26 BST 2020
Source: pyzmq
Version: 17.1.2-2
Severity: serious
Tags: upstream,patch,fixed-upstream
Justification: FTBFS
Forwarded: https://github.com/zeromq/pyzmq/issues/1418
X-Debbugs-Cc: carnil at debian.org,team at security.debian.org,bluca at debian.org,gcs at debian.org
Control: fixed -1 19.0.2-2
Control: affects -1 + release.debian.org,security.debian.org
Hi
After the CVE-2020-15166 fix in zeromq3 the upstream test
TestAsyncioAuthentication::test_blacklist will hang, cf [1].
This was already fixed in unstable. For stable this would cause an
issue when pyzmq would need to be rebuild. It though does not warrant
a regression update via security because. The test was actually
relying on the broken behaviour afaiu.
[1] https://github.com/zeromq/pyzmq/issues/1418
[2] https://github.com/zeromq/pyzmq/commit/afd72820946f544790c6f70d90ba50eb29f1c6e1
Regards,
Salvatore
More information about the Python-modules-team
mailing list