Bug#1001411: bullseye-pu: package dask.distributed/2021.01.0+ds.1-2.1 fixing CVE-2021-42343
Control: tags -1 + confirmed
On Thu, 2021-12-09 at 11:35 -0800, Diane Trout wrote:
> I attempted to backport the fix for CVE-2021-42343 to
> 2021.01.01+ds.1-2.1 while trying to test that it was fixed I
> discovered there was an import error on Python 3.9 that prevented the
> local cluster from launching.
>
> The upstream discussion about the import problem is available here:
> https://github.com/dask/distributed/issues/4168
>
> [ Impact ]
>
> Without the update the the local Client object can't run with
> python3.9 and if someone patches it to run then they might be subject
> to CVE-2021-42343.
>
Please go ahead.
Regards,
Adam
Reply to: