Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"

To: yokota <yokota.hgml@gmail.com>
Cc: debian-python@lists.debian.org
Subject: Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
From: Sandro Tosi <morph@debian.org>
Date: Thu, 23 Mar 2023 21:01:05 -0400
Message-id: <[🔎] CAB4XWXwX-0q=08cXVUEssajhY=9jweckpkT2Y-4FZU_5QtpEEA@mail.gmail.com>
In-reply-to: <[🔎] CA+0c0dUq9vK+2kO9+=FayPRa=oUKcFkhGXsJgxU1YWrj7iv3ig@mail.gmail.com>
References: <[🔎] CA+0c0dUq9vK+2kO9+=FayPRa=oUKcFkhGXsJgxU1YWrj7iv3ig@mail.gmail.com>

> Debian "py7zr" package has security issue CVE-2022-44900,
> and this issue affects Debian "calibre" package because "calibre" depends
> this "py7zr" module.
>   https://tracker.debian.org/pkg/py7zr
>
> Please examine Debian bug report 1032091, and fix this issue.
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032091
>
> Debian release system will auto-remove these packages from testing distribution
> on Wed 12 Apr 2023.

feel free to provide a patch to fix it. upgrading to newer upstream
releases is prohibitive given the increasing amount of
additional/frivolous dependencies upstream decided to rely on.

-- 
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi

Reply to:

Follow-Ups:
- Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
  - From: yokota <yokota.hgml@gmail.com>

References:
- Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
  - From: yokota <yokota.hgml@gmail.com>

Prev by Date: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
Next by Date: Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
Previous by thread: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
Next by thread: Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
Index(es):
- Date
- Thread