| From | "Pieter Lenaerts" <plenae@disroot.org> |
|---|---|
| Newsgroups | linux.debian.bugs.dist, linux.debian.maint.python |
| Subject | Bug#1135779: beets: CVE-2026-42052 |
| Date | 2026-05-09 15:20 +0200 |
| Message-ID | <MSPL3-3Rhp-1@gated-at.bofh.it> (permalink) |
| References | (1 earlier) <MRCGd-2WFa-7@gated-at.bofh.it> <MRuyZ-2R16-13@gated-at.bofh.it> <MRDiV-2WTi-1@gated-at.bofh.it> <MRuyZ-2R16-13@gated-at.bofh.it> <MRDiV-2WTi-1@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Cross-posted to 2 groups.
On Wed May 6, 2026 at 7:47 AM CEST, Salvatore Bonaccorso wrote:

Hi Salvatore & python team,

> [...] just uploading the fixing version to
> unstable is good.

I'm looking into getting the update to unstable. There are some dependency issues.

> For stable and oldstable I believe it does not need
> a security update, we will mark it no-dsa in the security tracker. If
> you mean to fix it in stable and oldstable doing it via an upcoming
> point release would be sufficient.

I have now pushed my proposition for a trixie update to
https://salsa.debian.org/python-team/packages/beets/-/tree/debian/stable/

I backported the patch and added a test to check for unsafe input fields in the template.

1. Can someone in the python team review my proposed fix?
2. Should this then become a stable update, following that process? If yes I will open a stable update bug.

Thanks for giving me directions,
Pieter