This bug was fixed in the package python-pymysql - 0.9.3-2ubuntu3.1
---------------
python-pymysql (0.9.3-2ubuntu3.1) focal-security; urgency=medium
* SECURITY UPDATE: SQL injection via untrusted JSON input
- debian/patches/CVE-2024-36039.patch: forbid dict parameter in
pymysql/converters.py, pymysql/tests/test_connection.py.
- CVE-2024-36039
* Fix FTBFS caused by MySQL deprecation warnings (LP: #1891484)
- debian/patches/disable_warnings.patch: disable auto show warnings in
some tests as newer MySQL versions have some deprecation warnings
that break test results.
-- Marc Deslauriers <[email protected]> Tue, 28 May 2024
13:36:35 -0400
** Changed in: python-pymysql (Ubuntu)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-36039
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891484
Title:
python-pymysql ftbfs in focal
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-pymysql/+bug/1891484/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
