
Re: rdflib: URLInputSource can be abused to retrieve arbitrary documents if used naïvely



Hi Nilesh,

On Sun, 31 Jul 2022, 12:12 Nilesh Patra, <nilesh@debian.org> wrote:
> rdflib has been removed from testing along with a bunch of other packages.
> And it is triggering -rm-s for packages in testing anyway.
>
> Upstream is not actively working on the issue as I see from the github Issue
> URL. -- Do you think we can lower severity of this bug for a bit?

AFAIK, usually it is up to the maintainer to decide about the severity. It could be lowered, yes, but I do not think it is OK to have rdflib with this bug in bookworm. It would be good to ping the upstream as well.

Best,
Andrius
