[Python-modules-team] python-pymysql_0.9.3-2+deb11u1_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed May 29 18:37:14 BST 2024
Thank you for your contribution to Debian.
Mapping oldstable-security to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 28 May 2024 08:56:57 +0200
Source: python-pymysql
Architecture: source
Version: 0.9.3-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo at debian.org>
Closes: 1071628
Changes:
python-pymysql (0.9.3-2+deb11u1) bullseye-security; urgency=medium
.
* CVE-2024-36039: PyMySQL through 1.1.0 allows SQL injection if used with
untrusted JSON input because keys are not escaped by escape_dict. Applied
upstream patch: forbid_dict_parameter.patch (Closes: #1071628).
Checksums-Sha1:
357ba0df0ea70e74d0756d7a7138876b80f7f5d4 2324 python-pymysql_0.9.3-2+deb11u1.dsc
26207ac507e7b9593816d9b060e52d7a9a9d2eec 86715 python-pymysql_0.9.3.orig.tar.gz
39eca8afcd43dc3670c08dfe9073298933be4c30 6648 python-pymysql_0.9.3-2+deb11u1.debian.tar.xz
3954f2d613ca33a11791dd0964be91318e845357 9750 python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
9daa9535965b2ea9dff2034a2feb571d657ec2eaa60bb68a289c479d1cadd569 2324 python-pymysql_0.9.3-2+deb11u1.dsc
5a85599a69b51db185f9447ba5034501482496e481574bce972c7dcb5abe1d57 86715 python-pymysql_0.9.3.orig.tar.gz
ca3565d650c580e509598b5e7dfb550c16c863e3c739d33b52757e6bf8bc483c 6648 python-pymysql_0.9.3-2+deb11u1.debian.tar.xz
07195d35181d6fb4356782121c345e9b9156e1861777cfc17a68f9f9a64dffbc 9750 python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo
Files:
1b4617b1718a045ffcd17122130c6b67 2324 python optional python-pymysql_0.9.3-2+deb11u1.dsc
7afad735628571b6fffd74086ce451b7 86715 python optional python-pymysql_0.9.3.orig.tar.gz
65545c35069130e979b35320e91c9182 6648 python optional python-pymysql_0.9.3-2+deb11u1.debian.tar.xz
e9763923b6b442a29b8de2ab7e6c7b04 9750 python optional python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmZWzvMACgkQ1BatFaxr
Q/4LdRAAkRb25uh0rg3P+SHY66zh1UtAI0FzFBW1K39JO44Usu/39rch8KWONR3z
izrPSDia2dgbrcs6EVlJO4kp/9RY1Ri0GDrx+Aeuu8GJDgFDEYTx0qwOmGBJMpXU
oQ8awoAHlKpm4maLNx9MonFDNIuZRvVS2iDAuDohxXrN+WPbGd8izRdTahmvFOIA
0sfa4uLwwrspV+xxte+3edr8nGRCu3UlC3m5mW+s0pRvltqZ7pAKBocqCNEua3hm
jRELrRgfINjzgdol24Dc78J9AE3xEBKrW0g5jW3HeHdV5yFpiGaegWQq2r+s2lx7
YayUk09WoFP63/hSmhlhSuVo3hlTy4qZO0SzKqPjNlKanCsL2l9lPwbjh8O+iLex
2tQzmUYwm5OiZ0nUJ4CpYSUYSjvZdKo6oTCvPx0Y8fSP60xmYWH2nL3w8RN271st
zEfPhHs8RIEpidDSHu1jWYfzVT0iaey71HxPJdFvZWZ3Xr/sYxYUVfCmWfkylVkE
UP3jd8pmJEaQeFiF+5u8aaRSFtJ6Hr1ElTx4WC/lOiXHOJGMXvqM3YrCb7+/DegL
ALIRPOpf+uE+//fUS6c1xXqJhA5vMc3p9c6SncCQHxCB8CDF3RTaG100Aybtpe9L
e6n4gjb4CechQIgQs39I5z9gjd3KXR1BnmHEpD1RccvkrQZVBR0=
=w+cC
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20240529/decab62d/attachment.sig>
More information about the Python-modules-team
mailing list