Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.python > #16494

Re: python-werkzeug CVEs

Path csiph.com!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod
From Carsten Schoenert <c.schoenert@t-online.de>
Newsgroups linux.debian.maint.python
Subject Re: python-werkzeug CVEs
Date Fri, 29 Nov 2024 08:40:01 +0100
Message-ID <JO3Lz-cppV-7@gated-at.bofh.it> (permalink)
References <JNZRD-cmec-1@gated-at.bofh.it>
X-Original-To Sean Whitton <spwhitton@spwhitton.name>
X-Mailbox-Line From debian-python-request@lists.debian.org Fri Nov 29 07:38:54 2024
Old-Return-Path <c.schoenert@t-online.de>
X-Amavis-Spam-Status No, score=-6.995 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, FREEMAIL_FROM=0.001, LDO_WHITELIST=-5, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
X-Policyd-Weight using cached result; rate: -5.5
MIME-Version 1.0
User-Agent Mozilla Thunderbird
Content-Language en-US
Autocrypt addr=c.schoenert@t-online.de; keydata= xsFNBFIDTk4BEACx6disb51q5rTdDmnkOayFDiLgOrZ4InnRmbTsgYJaigcRXjVtjFaxwL0M Qtzrt9srlLBReWD4JvoLP9/8z2C1ORaoOUatApssuKd32Qa80lBlduIQCfaZ6K5Ij0TXeqIb dWXMWSvpaOwt+ecBGSdEepgABtxO9Xel9zqDsAauFxBRHGzJs3bSG8QRtwnQA2+9J8UEtzAc dY69YAkF3Q6HIPP/0mbGiget/1WGR+8tPKlVMYcgZtGIP2J36GkDbfDvdbH5QLn2KtMuGXLv f1CTy+vvQL3mY4caKamCU7tLi8FSufNZpPChguNOHsbuO//ACrTFqGysVFvq25zEb60t9Hoq AXHIMlDJFnR7XBUCyAHV4NROMvGZlFbLuZpUA81Kukj72xifqk9ZFl9sxqKPgheqi+dT8peV LgvgCgMgQjvZgQ5X4AG2kiIezWtjlToCZAZ4ufQ26aofvwZqhBrogQF/+272B9CJuKBLIx+R CEhtW4gTKShY3moc8Aqh8AFH3pWkXILAxEGnvMu8oapAUiRNXNOb/nBlYXH1BEc+Boarm8vj LElQxdI4uNEQsLvZxsL4iYvrbZ5OLZnjkMJjvU7XVFjxAkDAHT8eYH9LWK/VeiK8fm+zsDZU qy2dN77RYlQbO9TkKlJs3CR2lpT7Dr/ObtIqEf4VFOplxTY9kwARAQABzStDYXJzdGVuIFNj aG9lbmVydCA8Yy5zY2hvZW5lcnRAdC1vbmxpbmUuZGU+wsF3BBMBCAAhBQJSA05OAhsDBQsJ CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEIMBYBQlHR2w8DoP/2RO8DOOA/P2Bf5atiNtEbSD nPGlN5Roml4paIPoGMw42cezBekdkJ4B/Ccr2x5MigroUTYLZwxP6U7YUNVuZhRmaEjGVD35 pIklW/os+9b5srxpdHWatHC6w/OoRL0P5EtK3sHeMOrhhMsSZe/fCiXr5VetpVgNx9fdFmSs UhkiyaBar24bLNAaY3KAAnDAUxXfQxZdYZ6kxH2Wq6sypgfq1lk4TTzGUx32nmGcR/fBZmmc +ZbZPzjd3Mor9/Dg57aMt87j/MqIndHVuucAB+/lENM4ufK04DBoqHEorD2CQJvEkn7HjydE e0YNITrFkpsqbbeltIMNV6viIxQluoYjBobY+5CRvCtYr/9m5ND0tDwHesfaBY7NWkkWhCYs M+CtlyqCtSo9Y23i/ap99GSNfguVISp8nxy3i8w/ZQ44TIRv/0zEcRoYgl/iF3wB3Gug6DVa XSZKveGMc2Q1+5u9jWfC/Jvy+J1qPM9h2m5pvTwuBrdfaMGvOzCk0iqWvHUN4cZIa8io2WXD pbbnytAhqFDFYCfgpL1Q9eczVIOO3WaITAJVHGBYnLLpsgwdsIMGXyhRO9wSpC80o2HhQK90 ifpYS1VnLJLNt2D+B31uuQr6LIuq1rtUvAzM39i3ftMLCnL1jSa+6q0uVzyTWI1xsmF7g0md ulwfQ+5zLW4KzsFNBFIDTk4BEADKWf/qL0X1KWdBdTyI6qoz/1YL/hLniKAvR9J43Wtfv9EY NxRpIMGzNTOyCi/qlw0HbMo6vIxy/Tw8nTj36OjZrZQ0dFHKM66Vl4KNbA5kI0lCTj1FIjGR adMsBXWpJ44SdXF5BtAuq2/vZzYbLtjYGu5tnQrYLjGOQ0FByw3wuGnlBJVzGbbCxSB06mGa w5LXRq5HZN5zzmaiqx+z+hlOAtyo61x+gxT5BNQXGIdZkBKyzItx4OxFaiWh3JtLqSQDBkDo yzhPvEBaOFn99QUgfk4Maoj1PgFgoteKQrywY18HCtlpSMUAvX+k074kDYgrTLrh26ApECl+ bOK6P1BPWRN0uedKewnGGemJJwq2RihdpLzyHBaRlwokRH9Drs7pCsxfy9VgPCEbm7ytgzk0 EHkA7Hl/ur39TT8VLluc+zZ10xU4uuTWIBiUOeIbuJo+UVRZBFVMmsKDVQeFSi0ujz/VW/0N sW1L73406B3jYZB/bffFTGkH5acrq3cQ25Wcur92da30g5TOq3sG71+XDPVcNZgiMbDJf6tK 39rB/GjQ0Pk0O2GaiSL9tGkfjsxhZ7p5+lNCDOWWK8IAH6T7PKoIGPqRl8KmANE6qZsevgaM CWsvkJastf9a3F6ZbL15QD1qdtRebv8yhCxyikaqy8oZKWDer4pBy0oD+g9/CwARAQABwsFf BBgBCAAJBQJSA05OAhsMAAoJEIMBYBQlHR2wMKAP/iL+tk5G2vbVJCw0BKJBoMEjBedQI38l f9CeLSVtJeokIR8GkDqgTpwKJaH0/cou2Q2GUMJ5U4J/vvYFNzJk8jyT1fdC0N83HUGNKQ3H NGGcq0GQFoOHcSVeo1V77Fuf3YYhzD5mPz/ypvIvsnbuiRgxWx5meU9LfZzf8Ijzv6e67q1O G+JAKvitV4UvUo9l05ewadRg53QpWNmmRHSXflpmw0PX5C9TKsyY/Sg4DdBf2NIzktQyOxya T2yHaVuQUUQRQ0248NdA1ql7zV48ZjF1ADhagQ8bgYuGMdOW6upfUBvPqQl0poV8FwjNErex N+CUbA5inlT9oIP03LtwZoKKDuK2PojoTtGp7WZ4ryQX9i9ogUOGknAABxFg4iMBQVkyl9oF QSgHa0HlbjRj8uY1kqsO4FgrcoGiouNzEfhP5zpxvCg3BBuWngo9ApU+MXOAwuq1Gt4dzUg4 7Ir2s32nhiv5TErJzPdNrUSK/tOUZOSkOzXv1kOGbXAlhC/5a5VGfA99uFcYK899gpfB4q64 jrc3wewP0MXjVl8U004Px7sYT4BkAoCupRtmBoRWhttvbcv6T8uFMAF+j91ng0X1+n21fV+O 9wPRnD3/KJThRVMR8poUevmJbFgPfvGGmz1asVIK8tBamAZp5aCeqZ7HVkTmMbj1x07Ry7o0 iWLO
Content-Type text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding 7bit
X-Toi-Expurgateid 150726::1732865917-327EF96B-D832DF67/0/0 CLEAN NORMAL
X-Toi-Msgid ddb1157a-ee0a-4d9c-894d-208a2408aca0
X-Mailing-List <debian-python@lists.debian.org> archive/latest/22573
List-ID <debian-python.lists.debian.org>
List-URL <https://lists.debian.org/debian-python/>
List-Archive https://lists.debian.org/msgid-search/53e2e844-7d98-438e-a33b-c6b275af2b94@t-online.de
Approved robomod@news.nic.it
Lines 23
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Cc debian-python@lists.debian.org
X-Original-Date Fri, 29 Nov 2024 08:38:36 +0100
X-Original-Message-ID <53e2e844-7d98-438e-a33b-c6b275af2b94@t-online.de>
X-Original-References <87ttbq911z.fsf@melete.silentflame.com>
Xref csiph.com linux.debian.maint.python:16494

Show key headers only | View raw

Hi Sean,

Am 29.11.24 um 04:22 schrieb Sean Whitton:
> Hello,
> 
> There are three DoS CVEs for python-werkzeug in stable.
> 
> I intend to fix these as part of the Debian LTS team, sponsored by
> Freexian.  I would like also to fix them in bookworm, because that will
> become an LTS release eventually.  Would you like me to go ahead and
> submit a stable update request, or are you already working on something?

no, I haven't looked into the details yet to fix these CVEs for the 
older versions in Debian, I was intending to look into these after the 
recent happen update of Werkzeug plus Flask *and* after my moving of 
home. It would take at least some more weeks on my sid, please go ahead 
and don't wait for me.

Thanks for taking care!

-- 
Regards
Carsten

Back to linux.debian.maint.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

python-werkzeug CVEs Sean Whitton <spwhitton@spwhitton.name> - 2024-11-29 04:30 +0100
  Re: python-werkzeug CVEs Carsten Schoenert <c.schoenert@t-online.de> - 2024-11-29 08:40 +0100
    Re: python-werkzeug CVEs Sean Whitton <spwhitton@spwhitton.name> - 2024-11-29 09:40 +0100

csiph-web