[Bug 1953173] Re: [MIR] python-asgiref

2022-03-09 Thread Matthias Klose
Override component to main
python-asgiref 3.5.0-1 in jammy: universe/misc -> main
python3-asgiref 3.5.0-1 in jammy amd64: universe/python/optional/100% -> main
python3-asgiref 3.5.0-1 in jammy arm64: universe/python/optional/100% -> main
python3-asgiref 3.5.0-1 in jammy armhf:

[Bug 1953173] Re: [MIR] python-asgiref

2022-03-08 Thread Christian Ehrhardt 
FYI - I now also added the server team subscription which was still missing -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1953173 Title: [MIR] python-asgiref To manage notifications about this bug

[Bug 1953173] Re: [MIR] python-asgiref

2022-03-08 Thread Christian Ehrhardt 
Security and MIR team ack, this can be promoted ** Changed in: python-asgiref (Ubuntu) Status: In Progress => Fix Committed

[Bug 1953173] Re: [MIR] python-asgiref

2022-02-21 Thread Rodrigo Figueiredo Zaiden
I reviewed python-asgiref 3.5.0-1 as checked into jammy. This shouldn't be considered a full audit but rather a quick gauge of maintainability. python-asgiref is part of the django framework. It is an interface between async-capable Python web servers, frameworks, and applications. The package

[Bug 1953173] Re: [MIR] python-asgiref

2022-02-21 Thread Rodrigo Figueiredo Zaiden
From: https://github.com/django/asgiref/issues/317 Upstream confirmed that it is in fact an issue, but, it's not exploitable. My understanding is that it will hit other guards before falling in that case. And, changing it would be a potential risk of breaking other things. I'm pretty satisfied

[Bug 1953173] Re: [MIR] python-asgiref

2022-02-18 Thread Rodrigo Figueiredo Zaiden
Hi Lena, Thanks for checking and testing it. I raised an issue in the upstream to ask about it: https://github.com/django/asgiref/issues/317 Thanks! ** Bug watch added: github.com/django/asgiref/issues #317 https://github.com/django/asgiref/issues/317

[Bug 1953173] Re: [MIR] python-asgiref

2022-02-17 Thread Lena Voytek
Hi Rodrigo, I looked into the lines and did find a possible issue. SCRIPT_NAME and PATH_INFO should not have any issues as the scope's root_path and path are set up as strs beforehand and the conversion encoding utf8 then decoding to latin1 are well defined in this case. However, QUERY_STRING

[Bug 1953173] Re: [MIR] python-asgiref

2022-02-16 Thread Rodrigo Figueiredo Zaiden
Hi Server team, could you, please, take a look into the following lines in wsgi.py: def build_environ(self, scope, body): ... environ = { ... "SCRIPT_NAME": scope.get("root_path", "").encode("utf8").decode("latin1"), "PATH_INFO":

[Bug 1953173] Re: [MIR] python-asgiref

2022-02-10 Thread Rodrigo Figueiredo Zaiden
** Changed in: python-asgiref (Ubuntu) Status: New => In Progress ** Changed in: python-asgiref (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Rodrigo Figueiredo Zaiden (rodrigo-zaiden)

[Bug 1953173] Re: [MIR] python-asgiref

2022-01-10 Thread Christian Ehrhardt 
** Changed in: python-asgiref (Ubuntu) Milestone: ubuntu-22.02 => ubuntu-22.04-feature-freeze

[Bug 1953173] Re: [MIR] python-asgiref

2022-01-10 Thread Christian Ehrhardt 
Required for the new LTS Django in 22.04, setting Critical + Milestone 22.02 (FeatureFreeze) ** Changed in: python-asgiref (Ubuntu) Importance: Undecided => Critical ** Changed in: python-asgiref (Ubuntu) Milestone: None => ubuntu-22.02

[Bug 1953173] Re: [MIR] python-asgiref

2021-12-09 Thread Christian Ehrhardt 
Review for Package: python-asgiref [Summary] I can confirm all the checks done when filing this. It seems to be a useful well maintained library with not many known issues. MIR team ACK Sadly it isn't ready for promotion yet, as due to the nature of the code between servers and web-apps it does

[Bug 1953173] Re: [MIR] python-asgiref

2021-12-07 Thread Christian Ehrhardt 
** Changed in: python-asgiref (Ubuntu) Assignee: (unassigned) => Christian Ehrhardt (paelzer)

[Bug 1953173] Re: [MIR] python-asgiref

2021-12-06 Thread Lena Voytek
** Description changed: - TBC - Related bug is bug 1951130 which wasn't needed because python-asgiref an optional dependency for flask. However it looks like it's a required dependency of python-django 3.2. + + [Availability] + The package python-asgiref is already in Ubuntu universe. +