Bug#929321: unblock: sqlalchemy/1.2.18+ds1-2 (CVE-2019-7164 CVE-2019-7548)

2019-05-30 Thread Mike Bayer
On 5/30/19 5:23 AM, Paul Gevers wrote: Hi Mike, zigo, Thanks for your replies, I very much think it's safer to just allow SQLAlchemy to migrate right now, to fix the potential SQL insertion vulnerability, rather than waiting for any (potential, but likely rare) issue in the above reverse

Bug#929321: unblock: sqlalchemy/1.2.18+ds1-2 (CVE-2019-7164 CVE-2019-7548)

2019-05-30 Thread Paul Gevers
Hi Mike, zigo, Thanks for your replies, >> I very much think it's safer to just allow SQLAlchemy to migrate right >> now, to fix the potential SQL insertion vulnerability, rather than >> waiting for any (potential, but likely rare) issue in the above reverse >> dependencies. >> >> I do think a

Bug#929321: unblock: sqlalchemy/1.2.18+ds1-2 (CVE-2019-7164 CVE-2019-7548)

2019-05-29 Thread Mike Bayer
On Wed, May 29, 2019, at 5:28 PM, Thomas Goirand wrote: > > Dear Debian release team, > > Please note that, even though I was the person who updated SQLAlchemy to > apply the upstream CVE fix, I am not the official maintainer of the > package, and that this is probably up to Piotr to do the

Bug#929321: unblock: sqlalchemy/1.2.18+ds1-2 (CVE-2019-7164 CVE-2019-7548)

2019-05-29 Thread Thomas Goirand
Dear Debian release team, Please note that, even though I was the person who updated SQLAlchemy to apply the upstream CVE fix, I am not the official maintainer of the package, and that this is probably up to Piotr to do the work. I'm happily replying though. :) I'm CC-ing Piotr and Mike Bayer

Bug#929321: unblock: sqlalchemy/1.2.18+ds1-2 (CVE-2019-7164 CVE-2019-7548)

2019-05-28 Thread Paul Gevers
Control: tags -1 moreinfo confirmed Hi Zigo, On Tue, 21 May 2019 17:50:28 +0200 Thomas Goirand wrote: > Note that it may (or not) break some reverse dependencies, though according > to upstream, OpenStack (the biggest SQLAlchemy consumer in Debian) behaves > correctly with it. If this happens,

Bug#929321: unblock: sqlalchemy/1.2.18+ds1-2 (CVE-2019-7164 CVE-2019-7548)

2019-05-21 Thread Thomas Goirand
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package sqlalchemy, My last (team-)upload for version 1.2.18+ds1-2 adds a patch from upstream for CVE-2019-7164 CVE-2019-7548, which is an SQL vulnerability problem. Note