Your message dated Wed, 23 Oct 2019 15:53:10 +0000
with message-id <[email protected]>
and subject line Bug#940935: fixed in python-werkzeug 0.15.6+dfsg1-1
has caused the Debian Bug report #940935,
regarding python-werkzeug: CVE-2019-14806
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
940935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-werkzeug
Version: 0.14.1+dfsg1-4
Severity: normal
Tags: security upstream
Hi,

The following vulnerability was published for python-werkzeug.

CVE-2019-14806[0]:
| Pallets Werkzeug before 0.15.3, when used with Docker, has
| insufficient debugger PIN randomness because Docker containers share
| the same machine id.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14806
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-werkzeug
Source-Version: 0.15.6+dfsg1-1
We believe that the bug you reported is fixed in the latest version of
python-werkzeug, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Nový <[email protected]> (supplier of updated python-werkzeug package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Oct 2019 17:32:04 +0200
Source: python-werkzeug
Architecture: source
Version: 0.15.6+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Python Modules Packaging Team <[email protected]>
Changed-By: Ondřej Nový <[email protected]>
Closes: 940935
Changes:
 python-werkzeug (0.15.6+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #940935, CVE-2019-14806)
   * Bump debhelper compat level to 12 and use debhelper-compat
   * wrap-and-sort -ast
   * Drop upstream applied patches:
     - 0002-Use-local-copies-of-object.inv-for-building-document.patch
     - xprocess-skip.patch
   * Add python3-pallets-sphinx-themes to B-D
   * Skip test_windows_get_args_for_reloading test: It doesn't work
   * d/copyright:
     - Fix upstream licensing for new upstream release
     - Bump my copyright years
   * d/rules: Install docs inside override_dh_sphinxdoc and not
     override_dh_install
   * Bump Standards-Version to 4.4.1.
   * Disable sphinx-issues extension until python-sphinx-issues hits unstable.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team