Bug#1089071: bookworm-pu: package python3.11/3.11.2-6+deb12u5
Control: tags -1 - moreinfo
Hi Adrian,
On Wed, Dec 04, 2024 at 11:29:46PM +0200, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: security@debian.org, Matthias Klose <doko@debian.org>
>
> * CVE-2023-27043: Reject malformed addresses in email.parseaddr()
> (Closes: #1059298)
> * CVE-2024-6923: Encode newlines in headers in the email module
> * CVE-2024-7592: Quadratic complexity parsing cookies with backslashes
> * CVE-2024-9287: venv activation scripts didn't quote paths
> * CVE-2024-11168: urllib functions improperly validated bracketed hosts
>
> Tagged moreinfo, as question to the security team whether they want
> this in -pu or as DSA.
Yes, the point release route and batching this update together with
others seems fine, in particular given the next point release is
scheduled to be in ~1 month.
Regards,
Salvatore