Your message dated Tue, 25 Jan 2022 21:26:18 +0000
with message-id <[email protected]>
and subject line Bug#1004194: fixed in loguru 0.5.3-5
has caused the Debian Bug report #1004194,
regarding loguru: CVE-2022-0329
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1004194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004194
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: loguru
Version: 0.5.3-4
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/Delgan/loguru/issues/563
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for loguru.

CVE-2022-0329[0]:
| Code Injection in PyPi loguru prior to and including 0.5.3.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-0329
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0329
[1] https://github.com/Delgan/loguru/issues/563
[2] https://github.com/delgan/loguru/commit/4b0070a4f30cbf6d5e12e6274b242b62ea11c81b

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: loguru
Source-Version: 0.5.3-5
Done: Nilesh Patra <[email protected]>

We believe that the bug you reported is fixed in the latest version of
loguru, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nilesh Patra <[email protected]> (supplier of updated loguru package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Jan 2022 02:06:39 +0530
Source: loguru
Architecture: source
Version: 0.5.3-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Nilesh Patra <[email protected]>
Closes: 1004194
Changes:
 loguru (0.5.3-5) unstable; urgency=medium
 .
   * Team Upload.
   * Add patch to fix code injection vulnerability (Closes: #1004194)
     + Fixes CVE: CVE-2022-0329
Checksums-Sha1:
 9b4f5f18e83b0fc825b745132d066f4dfc75d1e7 2179 loguru_0.5.3-5.dsc
 a19035e2fa8597795821deca6c9a9cbd5c3d51e6 4984 loguru_0.5.3-5.debian.tar.xz
 0adbe08736708d27ed072bb1815914bd5d33a867 7460 loguru_0.5.3-5_amd64.buildinfo
Checksums-Sha256:
 4cd19a4a215a51846650b3578a897c399801481b10a4b2733428ff7d5c4aadaa 2179 loguru_0.5.3-5.dsc
 e48b6bfb817bbedf9ecaa9629405a13dbffe2f10a5018abafeec0ad319cc4e24 4984 loguru_0.5.3-5.debian.tar.xz
 cd59ede0b257527bdf655359fd1e4de54d5e15e07339d7e6c4996af732e202ff 7460 loguru_0.5.3-5_amd64.buildinfo
Files:
 9c7219dc73cfea6740d888ba7c2edd29 2179 python optional loguru_0.5.3-5.dsc
 d6e0e6eef4c28b6804efa53dbf62eebf 4984 python optional loguru_0.5.3-5.debian.tar.xz
 4028e541b879e19a8afea680b60367a0 7460 python optional loguru_0.5.3-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
