Path: csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod
From: Sean Whitton <spwhitton@spwhitton.name>
Newsgroups: linux.debian.maint.python
Subject: Re: python-werkzeug CVEs
Date: Fri, 29 Nov 2024 09:40:02 +0100
Message-ID: <JO4HE-cqeB-17@gated-at.bofh.it>
References: <JNZRD-cmec-1@gated-at.bofh.it> <JO3Lz-cppV-7@gated-at.bofh.it>
X-Mailbox-Line: From debian-python-request@lists.debian.org  Fri Nov 29 08:36:09 2024
Old-Return-Path: <spwhitton@spwhitton.name>
X-Amavis-Spam-Status: No, score=-7.198 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LDO_WHITELIST=-5, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
X-Policyd-Weight: using cached result; rate:hard: -5.5
Feedback-ID: 20115:3760:null:purelymail
X-Pm-Original-To: debian-python@lists.debian.org
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Mailing-List: <debian-python@lists.debian.org> archive/latest/22574
List-ID: <debian-python.lists.debian.org>
List-URL: <https://lists.debian.org/debian-python/>
List-Archive: https://lists.debian.org/msgid-search/87a5di8nbf.fsf@melete.silentflame.com
Approved: robomod@news.nic.it
Lines: 23
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Cc: debian-python@lists.debian.org
X-Original-Date: Fri, 29 Nov 2024 16:19:00 +0800
X-Original-Message-ID: <87a5di8nbf.fsf@melete.silentflame.com>
X-Original-References: <87ttbq911z.fsf@melete.silentflame.com> <53e2e844-7d98-438e-a33b-c6b275af2b94@t-online.de>
Xref: csiph.com linux.debian.maint.python:16495

Hello,

On Fri 29 Nov 2024 at 08:38am +01, Carsten Schoenert wrote:

> Hi Sean,
>
> Am 29.11.24 um 04:22 schrieb Sean Whitton:
>> Hello,
>> There are three DoS CVEs for python-werkzeug in stable.
>> I intend to fix these as part of the Debian LTS team, sponsored by
>> Freexian.  I would like also to fix them in bookworm, because that will
>> become an LTS release eventually.  Would you like me to go ahead and
>> submit a stable update request, or are you already working on something?
>
> no, I haven't looked into the details yet to fix these CVEs for the older
> versions in Debian, I was intending to look into these after the recent happen
> update of Werkzeug plus Flask *and* after my moving of home. It would take at
> least some more weeks on my sid, please go ahead and don't wait for me.

Thanks for getting back to me so quickly.  I'll see how I get on.

-- 
Sean Whitton