Bug#1001411: bullseye-pu: package dask.distributed/2021.01.0+ds.1-2.1 fixing CVE-2021-42343

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + confirmed

On Thu, 2021-12-09 at 11:35 -0800, Diane Trout wrote:
> I attempted to backport the fix for CVE-2021-42343 to
> 2021.01.01+ds.1-2.1 while trying to test that it was fixed I
> discovered there was an import error on Python 3.9 that prevented the
> local cluster from launching.
> 
> The upstream discussion about the import problem is available here:
> https://github.com/dask/distributed/issues/4168
> 
> [ Impact ]
> 
> Without the update the the local Client object can't run with
> python3.9 and if someone patches it to run then they might be subject
> to CVE-2021-42343.
> 

Please go ahead.

Regards,

Adam