[Python-modules-team] Bug#951907: Suggested Stable Fix

Salvatore Bonaccorso carnil at debian.org
Thu Feb 27 07:44:48 GMT 2020


Hi Scott,

On Sat, Feb 22, 2020 at 07:20:34PM -0500, Scott Kitterman wrote:
> Debdiff for proposed stable security update attached.
> 
> The first hunk of the patch has the actual fix.  I would prefer to use the new 
> upstream release rather than just patch the one line because of the test 
> improvements, of the explanation of the issue in the upstream changelog, and 
> using the new upstream makes it clearer to external reviewers we've done the 
> fix.  There are no unrelated changes.

Okay let's fix this via a DSA.
I checked the reverse dependencies and none seem to be particularly
impacted, but given the primary use of the module is to sanitize input
and is generic enough we should update.

Can you set urgency=high for consistency, and add the now assigned CVE
reference (I did contact Mozilla CNA for it, and they assigned one, it
is CVE-2020-6802).

Many thanks for your work and apologies for the long delay.

Regards,
Salvatore


