1. Forum
  2. Usenet
  3. LINUX.DEBIAN.MAINT.PYTHON

  • python-werkzeug CVEs

    From Sean Whitton@21:1/5 to All on Fri Nov 29 04:30:01 2024
    Hello,

    There are three DoS CVEs for python-werkzeug in stable.

    I intend to fix these as part of the Debian LTS team, sponsored by
    Freexian. I would like also to fix them in bookworm, because that will
    become an LTS release eventually. Would you like me to go ahead and
    submit a stable update request, or are you already working on something?

    Thanks.

    --
    Sean Whitton

    --=-=-Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmdJM2gZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQE7REACHhh2lppgb0tmm/05uBNSX 1zHptffpww++7YtidOgW+XEhwhLozBb5Ec2MjKm/F+QKKfwQbVgZj3g8yanpr3tu 3ieeQd+aESv19GAHKsw/t7YrEUG853rmu1e6Kf9KYs8IuAXbxUTZJs09wFHrUNE2 ApxR6OyrTJbYxagSoQCWsS9x1SJNs0Z1oM6k5fhWKBJJbyen1Tb5amvVhj1u49Ur GnwqSrDccSNzBsZuQcX1NImy9GylDS7Fc1s+Q1vB3AUIejRuzU3rXh7olDWJvpk2 8LgU5deiZD/mFnHYpuds7rW3/cnvZYKqQyIvm/us30k592n1LbaQGLLcO/8IHmUr UXklZhC+ssZJjDvZdMC16N74pJ9NW+bwVkLvQKfshEZhzSAVrIn/DzcEgyjPK9i+ hzWdK+0duTX+8aIfo9D66ftn8wcU55MzW5JfJEoMju/c+fNdDRwhdWgFm7SoAi61 66grLLG3xnu5jkice8tW2XA3vaJbF/LE44eOpTDTmmtjl3ICSJ0jjXSMNzbt6HLW 2jjny3iZdVgmRvomXIhH33cTXThyq3+LjgidYHDl6HQ14TSWj0XKY2f6dRhHoMuT GdARciAffcghQ4bQDMAhmwj7gA0BvwePWuldRM1ahH1rjURF9SbCiJ/UXmHvb3b/ OH7NpWN9QbXqkmApWMx5EA==Fspa
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Us
  • From Carsten Schoenert@21:1/5 to All on Fri Nov 29 08:40:01 2024
    Hi Sean,

    Am 29.11.24 um 04:22 schrieb Sean Whitton:
    Hello,

    There are three DoS CVEs for python-werkzeug in stable.

    I intend to fix these as part of the Debian LTS team, sponsored by
    Freexian. I would like also to fix them in bookworm, because that will become an LTS release eventually. Would you like me to go ahead and
    submit a stable update request, or are you already working on something?

    no, I haven't looked into the details yet to fix these CVEs for the
    older versions in Debian, I was intending to look into these after the
    recent happen update of Werkzeug plus Flask *and* after my moving of
    home. It would take at least some more weeks on my sid, please go ahead
    and don't wait for me.

    Thanks for taking care!

    --
    Regards
    Carsten

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sean Whitton@21:1/5 to Carsten Schoenert on Fri Nov 29 09:40:02 2024
    Hello,

    On Fri 29 Nov 2024 at 08:38am +01, Carsten Schoenert wrote:

    Hi Sean,

    Am 29.11.24 um 04:22 schrieb Sean Whitton:
    Hello,
    There are three DoS CVEs for python-werkzeug in stable.
    I intend to fix these as part of the Debian LTS team, sponsored by
    Freexian. I would like also to fix them in bookworm, because that will
    become an LTS release eventually. Would you like me to go ahead and
    submit a stable update request, or are you already working on something?

    no, I haven't looked into the details yet to fix these CVEs for the older versions in Debian, I was intending to look into these after the recent happen
    update of Werkzeug plus Flask *and* after my moving of home. It would take at least some more weeks on my sid, please go ahead and don't wait for me.

    Thanks for getting back to me so quickly. I'll see how I get on.

    --
    Sean Whitton

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)