Update for SQLAlchemy to address CVE-2019-7164 CVE-2019-7548
- To: buildbot@packages.debian.org, changeme@packages.debian.org, db2twitter@packages.debian.org, dms-core@packages.debian.org, mailman3@packages.debian.org, openlp@packages.debian.org, python3-agatesql@packages.debian.org, python3-geoalchemy2@packages.debian.org, python3-osmalchemy@packages.debian.org, python3-pybel@packages.debian.org, python3-sadisplay@packages.debian.org, python3-sqlsoup@packages.debian.org, retweet@packages.debian.org, sqlacodegen@packages.debian.org, yokadi@packages.debian.org, archipel-core@packages.debian.org, bauble@packages.debian.org, blogofile-converters@packages.debian.org, childsplay@packages.debian.org, epigrass@packages.debian.org, gnukhata-core@packages.debian.org, gourmet@packages.debian.org, griffith@packages.debian.org, kamcli@packages.debian.org, pegasus-wms@packages.debian.org, pycsw-wsgi@packages.debian.org, python-elixir@packages.debian.org, python-pywps@packages.debian.org, python-sprox@packages.debian.org, python-sqlkit@packages.debian.org, python-sqlsoup@packages.debian.org, python-zope.sqlalchemy@packages.debian.org, pytrainer@packages.debian.org, vistrails@packages.debian.org, yhsm-yubikey-ksm@packages.debian.org, 929321@bugs.debian.org
- Subject: Update for SQLAlchemy to address CVE-2019-7164 CVE-2019-7548
- From: Thomas Goirand <zigo@debian.org>
- Date: Fri, 31 May 2019 01:34:33 +0200
- Message-id: <41fafdb5-588a-d330-5665-5d5be9bf89d2@debian.org>

Dear package maintainer,

We're about to upgrade SQLAlchemy in Buster to address an SQL injection
issue. The fixed package is in unstable, under the version 1.2.18+ds1-2.
In some rare cases, this update may break reverse dependencies, leading
to non-working SQL queries.

This is why I'm writing this email to you today: to ask you to please
test your application with SQLAlchemy 1.2.18+ds1-2 ASAP, to address any
potential unforecast issue before the Buster release.

Details about the discussion can be seen here in the Debian bug #929321.

Best regards,

Thomas Goirand (zigo)