Hi Adrian,

On Wed, Jun 24, 2026 at 03:05:19PM +0300, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: trixie
> X-Debbugs-Cc: [email protected], [email protected]
> Control: affects -1 + src:python-memray
> User: [email protected]
> Usertags: pu
> 
>   * CVE-2026-32722: XSS in generated HTML reports via unescaped
>     command-line metadata (Closes: #1131372)

> diffstat for python-memray-1.17.0+dfsg python-memray-1.17.0+dfsg
> 
>  changelog                                       |    8 ++
>  patches/0001-Fix-escaping-in-HTML-reports.patch |   88 
> ++++++++++++++++++++++++
>  patches/series                                  |    1 
>  3 files changed, 97 insertions(+)
> 
> diff -Nru python-memray-1.17.0+dfsg/debian/changelog 
> python-memray-1.17.0+dfsg/debian/changelog
> --- python-memray-1.17.0+dfsg/debian/changelog        2025-04-04 
> 22:28:26.000000000 +0300
> +++ python-memray-1.17.0+dfsg/debian/changelog        2026-06-24 
> 14:32:46.000000000 +0300
> @@ -1,3 +1,11 @@
> +python-memray (1.17.0+dfsg-1.1) trixie; urgency=medium

Small glitch here: That should ideally be 1.17.0+dfsg-1+deb13u1.

Regards
Salvatore

Reply via email to