
Bug#947142: buster-pu: package python-oslo.utils/3.36.4-2 CVE-2019-3866



Control: tags -1 + confirmed

Apologies for the delay.

On Sat, 2019-12-21 at 22:13 +0100, Thomas Goirand wrote:
> I'd like to update python-oslo.utils in Buster to address
> CVE-2019-3866.
> It wasn't possible to directly apply the patch available here:
> 
> https://review.opendev.org/692972
> 
> and I found it too dangerous to skip the commits right before it, which
> are related to this patch. So I just merged upstream branch
> stable/rocky into the Debian package. However, looking closer at all
> patches, either they are all related to the official patch, or are
> cosmetic from the Debian perspective (i.e. .gitreview, or upstream CI
> related).
> 
> Please find, attached to this bug, the debdiff for the update.
> 

+python-oslo.utils (3.36.4+2019.11.15.git.c49a426b66-1+deb10u1) buster;
urgency=medium
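
Review bot: on this changelog version line, the upstream part moves from 3.36.4 to the snapshot string 3.36.4+2019.11.15.git.c49a426b66, so the upgrade ordering deserves an explicit check before upload. Run dpkg --compare-versions against the 3.36.4-2 currently in buster, and against the version in the following suite, to confirm the new version sorts above the former and below the latter.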

I'd prefer -0+deb10u1 there, as there was (I presume) never a -1 upload
to Debian.

With that change, please go ahead.

Regards,

Adam

