-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 08 Mar 2019 07:38:55 +1100 Source: rdflib Binary: python-rdflib python3-rdflib python-rdflib-doc python-rdflib-tools Architecture: source amd64 all Version: 4.1.2-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Christian M. Amsüss <chrysn@fsfe.org> Changed-By: Brian May <bam@debian.org> Description: python-rdflib - Python library containing an RDF triple store and RDF parsers/ser python-rdflib-doc - Python library containing an RDF triple store and RDF parsers/ser python-rdflib-tools - Python library containing an RDF triple store and RDF parsers/ser python3-rdflib - Python 3 library containing an RDF triple store and RDF parsers/s Changes: rdflib (4.1.2-3+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-7653: The Debian package had a custom wrapper that can load Python modules from the current working directory, allowing code injection. This is because "python -m" looks in this directory. This version uses the easy_install provided scripts instead of our our custom scripts. * Remove html5lib and SPARQLWrapper from upstream install_requires, because this information was not checked with previous wrapper, these are only included for Python 2.7, and they are not listed in the depends header. Checksums-Sha1: 1b60cab367da48a573a42374b48d2eeb5e3b26cb 2460 rdflib_4.1.2-3+deb8u1.dsc 5699cab47a413a32a984e9691ad57960c184aa6e 894937 rdflib_4.1.2.orig.tar.gz 7312a1ab29e27ac068bce9834d970c2f85a0fc73 27724 rdflib_4.1.2-3+deb8u1.debian.tar.xz a46f8c55a64585f486acc8ef2e562ef28f3eac7e 243828 python-rdflib_4.1.2-3+deb8u1_amd64.deb b684ac40575c5891d42043d47f63fd88d1ff8d29 242736 python3-rdflib_4.1.2-3+deb8u1_amd64.deb 569d59326e3750c5dfdb4aef116db1b9845e0305 604178 python-rdflib-doc_4.1.2-3+deb8u1_all.deb 97f7312629b9a767c8e73a77dd307b1c3fa7910b 24964 python-rdflib-tools_4.1.2-3+deb8u1_amd64.deb Checksums-Sha256: 52e4830336afae88607c933f4a772e3badc1d2a77f27e51b14d72c31079b5bf5 2460 rdflib_4.1.2-3+deb8u1.dsc 58ee60b561076829578e16eb4a47606f56079f44669340f1ed88c0a5f37c5aea 894937 rdflib_4.1.2.orig.tar.gz 201d73c09ff1ed9a591b79453386295d2baf4d75001cc9d0615e5c15dd7ec86c 27724 rdflib_4.1.2-3+deb8u1.debian.tar.xz 6fcd37f95a03b228ec41984a63db781300b70b421deb30047875dda6157039fc 243828 python-rdflib_4.1.2-3+deb8u1_amd64.deb 11773f578370889b11d43e09071fa3a6f031ed6e638cec4d67f9ea7c7b334c0b 242736 python3-rdflib_4.1.2-3+deb8u1_amd64.deb f3c8f69373f1e4d9d799a7215662cf7898f1b3863069cd620153e35218d1a231 604178 python-rdflib-doc_4.1.2-3+deb8u1_all.deb b109af8772f3ec37637959bb9d60b4accdf365d8c93a29e41ed5b137fc787474 24964 python-rdflib-tools_4.1.2-3+deb8u1_amd64.deb Files: 2786d4a9bbe9c99da5178006faa95744 2460 python optional rdflib_4.1.2-3+deb8u1.dsc 5c284061f1f2a086b0782644afbaac59 894937 python optional rdflib_4.1.2.orig.tar.gz 1f0af093698c2e66a38a069c53da27a8 27724 python optional rdflib_4.1.2-3+deb8u1.debian.tar.xz 843ee3ead42541a9a892a75787b2fabd 243828 python optional python-rdflib_4.1.2-3+deb8u1_amd64.deb ff41ec60b58d04a59158a73dd2675035 242736 python optional python3-rdflib_4.1.2-3+deb8u1_amd64.deb ab61c5cc6593b020502f4b8cc840a85c 604178 doc optional python-rdflib-doc_4.1.2-3+deb8u1_all.deb d531afce23f65873014b5365072f6c9d 24964 python optional python-rdflib-tools_4.1.2-3+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAlyPOW0ACgkQKpJZkldk SvrXkg/8Dqq2LLEc7JdQkL6Lre2Sr7KAwaLKASsq8z1D5S/FYAIWmTJuufVMWtUJ HcBN50q5jiRGBAMulRRiaSQBtTv++zRYd0cgD77u1gBHCY7WY1fCur0uhpExnQVv ngzXLoCMu8a0QWsRDI2pJIAFOPzTmiMCD4e1dHBK0jtXuASxb8ohHqVZozZ1js/l xw21VoDmwKOQnEZxpoC04eUuy/RkMaB632JwchefeBIryVLcRbkI5FCdleZqaXt7 EsHhlwfwJ6mclW8IGKlswTp2dPcRwYeszf30mTpe1NeJBJV9U1UrYzuiduOY8ojs z88W5+C8d0WHqbEwILAxEFY/z3jNoUOlS/4IFfN3JFl0/7uWxZRAnazJmEmTbxZj /i8EclPg2p+Y3ciM4Gtx7dXE/2n3sb1k+6zK3jMl5rQuJaNk+SQIB+OKxp2hPDir VlouFpRXmYxgUZB2szMub7rheYPsskCAVEGPd/drDDtutx9UJN8LkQgDJEWBCYoT FffHJj5LeMvQjzFB7nJavT0ONiKd4x0bVEz24IsFykpRpnfFW+U1LeNJazH0GCFq xaFMExJRako+frnaXHyg4rHur0QjAeZFiIaIcZwO4pC4qedpjjEtPr7y8fjNnviQ HVSsse1e65TS7gqUi+byKbjR8XnPHOtr0FdGmMNE9iKTy03Jn3c= =fIq/ -----END PGP SIGNATURE-----