Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"

To: Sandro Tosi <morph@debian.org>
Cc: debian-python@lists.debian.org
Subject: Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
From: yokota <yokota.hgml@gmail.com>
Date: Sat, 25 Mar 2023 12:35:03 +0900
Message-id: <[🔎] CA+0c0dUaE1ASiOjo6K4rg-m3CFpZN8fNgw=OQgjmBJ-AJ1DRZw@mail.gmail.com>
In-reply-to: <[🔎] CAB4XWXwX-0q=08cXVUEssajhY=9jweckpkT2Y-4FZU_5QtpEEA@mail.gmail.com>
References: <[🔎] CA+0c0dUq9vK+2kO9+=FayPRa=oUKcFkhGXsJgxU1YWrj7iv3ig@mail.gmail.com> <[🔎] CAB4XWXwX-0q=08cXVUEssajhY=9jweckpkT2Y-4FZU_5QtpEEA@mail.gmail.com>

Hello, Sandro.

> feel free to provide a patch to fix it. upgrading to newer upstream
> releases is prohibitive given the increasing amount of
> additional/frivolous dependencies upstream decided to rely on.

Thanks for your quick response.
I was pushed merge request to Debian salsa repository about this issue.

https://salsa.debian.org/python-team/packages/py7zr/-/merge_requests/2

--
YOKOTA

Reply to:

References:
- Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
  - From: yokota <yokota.hgml@gmail.com>
- Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
  - From: Sandro Tosi <morph@debian.org>

Prev by Date: Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
Next by Date: Tiledb-py fails to build (Was: tiledb: uses atomic operations, but is not linked to libatomic)
Previous by thread: Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
Next by thread: Tiledb-py fails to build (Was: tiledb: uses atomic operations, but is not linked to libatomic)
Index(es):
- Date
- Thread