Bug#922669: sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection)

2019-05-06 Thread Ross Vandegrift
On Mon, May 06, 2019 at 10:20:25AM +0200, Thomas Goirand wrote:
> On 5/6/19 5:09 AM, Ross Vandegrift wrote:
> > Source: sqlalchemy
> > Version: 1.2.18+ds1
> > Followup-For: Bug #922669
> >
> > I've confirmed that 1.2.18+ds1 is affected despite the description at [1].
> > Upstream has a patch for t

Bug#922669: sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection)

2019-05-06 Thread Thomas Goirand
On 5/6/19 5:09 AM, Ross Vandegrift wrote:
> Source: sqlalchemy
> Version: 1.2.18+ds1
> Followup-For: Bug #922669
>
> I've confirmed that 1.2.18+ds1 is affected despite the description at [1].
> Upstream has a patch for the 1.2 series at [2].
>
> A debdiff including the patch is attached. It buil

Bug#922669: sqlalchemy: CVE-2019-7164 CVE-2019-7548 (SQL injection)

2019-05-05 Thread Ross Vandegrift
Source: sqlalchemy
Version: 1.2.18+ds1
Followup-For: Bug #922669

I've confirmed that 1.2.18+ds1 is affected despite the description at [1]. Upstream has a patch for the 1.2 series at [2]. A debdiff including the patch is attached. It builds and the tests pass. However, the fix requires removing

Bug#922669: sqlalchemy: CVE-2019-7164 CVE-2019-7548

2019-02-18 Thread Salvatore Bonaccorso
Source: sqlalchemy
Version: 1.2.15+ds1-1
Severity: important
Tags: security upstream

Hi,

The following vulnerabilities were published for sqlalchemy.

CVE-2019-7164[0]:
| SQL Injection when the order_by parameter can be controlled

CVE-2019-7548[1]:
| SQLAlchemy 1.2.17 has SQL Injection when the