CVE-2019-16935

Hi fellow LTS and extended LTS development teams

I have looked a little into CVE-2019-16935. My conclusion is that the package is vulnerable but I could not really judge its severity. I have a question though. If we find that we should correct it, shouldn't we correct also jython and pypy-lib in that case?

The problem is in DocXMLRPCServer.py and that file exist also in the other two packages. Or should we assume there will be a different CVE for those packages?

https://packages.debian.org/search?searchon=contents&keywords=DocXMLRPCServer.py&mode=exactfilename&suite=oldstable&arch=any

Best regards

// Ola

--- Inguza Technology AB --- MSc in Information Technology ----

| ola@inguza.com opal@debian.org |

| http://inguza.com/ Mobile: +46 (0)70-332 1551 |

---------------------------------------------------------------

Reply to:

Follow-Ups:

Re: CVE-2019-16935/python*
- From: Sylvain Beucler <beuc@beuc.net>