-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 18 Mar 2019 13:37:16 +0100 Source: sqlalchemy Binary: python-sqlalchemy python-sqlalchemy-ext python-sqlalchemy-doc python3-sqlalchemy python3-sqlalchemy-ext Architecture: source all amd64 Version: 0.9.8+dfsg-0.1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Piotr Ożarowski <piotr@debian.org> Changed-By: Sylvain Beucler <beuc@debian.org> Description: python-sqlalchemy - SQL toolkit and Object Relational Mapper for Python python-sqlalchemy-doc - documentation for the SQLAlchemy Python library python-sqlalchemy-ext - SQL toolkit and Object Relational Mapper for Python - C extension python3-sqlalchemy - SQL toolkit and Object Relational Mapper for Python 3 python3-sqlalchemy-ext - SQL toolkit and Object Relational Mapper for Python3 - C extensio Changes: sqlalchemy (0.9.8+dfsg-0.1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2019-7164 and CVE-2019-7548: SQL injection in order_by() and group_by(). Upstream warns that this breaks the seldom-used text coercion feature. Checksums-Sha1: 7af7b09c601484e2de64bdf2d3b200b7a026a685 2259 sqlalchemy_0.9.8+dfsg-0.1+deb8u1.dsc 06daf537f9de34a2fdaf60c9752568086962b8c8 4046697 sqlalchemy_0.9.8+dfsg.orig.tar.gz dd4cc74d02361304f3751c3aa74dad6313d6803e 14880 sqlalchemy_0.9.8+dfsg-0.1+deb8u1.debian.tar.xz 406f20eec097a5895d95db03fd3830fa171eeeb8 605028 python-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb 1ae3e2642d4b01006717c367bcdd631fe0bb78f4 1252150 python-sqlalchemy-doc_0.9.8+dfsg-0.1+deb8u1_all.deb 325028e61a068b6cc6cdde56b7dd6a8cacc3224c 600836 python3-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb b3d69d90f6f9d7eb4a2ea6bcd121f73d1aa15255 18878 python-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb 9e0e8dbb24e34210ea55559bf7fb207e76c15e43 19024 python3-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb Checksums-Sha256: e5da06049e47e8ca61e845f8de3bef2e9584059881283f22f7442c026814f8ce 2259 sqlalchemy_0.9.8+dfsg-0.1+deb8u1.dsc 0371ca90d1abadb109c73f1ac096c17f0bbff9fb43d66f3346806f6d6b9c110d 4046697 sqlalchemy_0.9.8+dfsg.orig.tar.gz f59040e2f5bf79b5c370cae3f4c2f236513ba706731f67e32834cd620d90bdc5 14880 sqlalchemy_0.9.8+dfsg-0.1+deb8u1.debian.tar.xz 2fecf43ffe517fd9be4b66c745e4dfa98cea4dc7b62cfcd9c7385d58461dd6ed 605028 python-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb 2287e0f736e1bdbf266e7d0419fc3e690e06ec171471831b48d05264e479bc6f 1252150 python-sqlalchemy-doc_0.9.8+dfsg-0.1+deb8u1_all.deb 5b30d4f84f0b9ef952c5a0121e33d355e32c3b524987ff2894749f77c3b05ea5 600836 python3-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb b58bb8085db43332b4f6d8a3f413264117d48bb0110a6b7b46aeb030e0ad6b99 18878 python-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb 70c5ed7d383f40727516a4fe879c6ece027516380b1b2e635e8038e30898e03a 19024 python3-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb Files: f7a4ca0046cb16b67d9d11ecaf76e0ac 2259 python optional sqlalchemy_0.9.8+dfsg-0.1+deb8u1.dsc 9064e03b4ec453ef7f181b8bf7ddaa9c 4046697 python optional sqlalchemy_0.9.8+dfsg.orig.tar.gz 03422aff739ffc9312d12672b325401b 14880 python optional sqlalchemy_0.9.8+dfsg-0.1+deb8u1.debian.tar.xz fe63296bd572d5a4aded8e760b26b866 605028 python optional python-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb c287764d65d83b9e52736d5a593cfbe2 1252150 doc extra python-sqlalchemy-doc_0.9.8+dfsg-0.1+deb8u1_all.deb 6eb8662bcdadb0d6594d3c0bed49f596 600836 python optional python3-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb d245257b24621d703f31d00c117b0057 18878 python optional python-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb 6516f1d09bb2a957af334575315e5765 19024 python optional python3-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlyPl/cACgkQj/HLbo2J BZ8RwQf9EzfO8c39QD4VtZnSykgh6fzgQ3T2tiq5SFL4RW3J8N3wl4RGzQbNOyLL o38MLN9uogvaZVvmTBxgDf+lB7uf48o+xYwuNAspSn8gxcmCY2TfKBtmKf99Y0YP oHrCMpy3eai+fCQEy/N2Rvhm92aQqXZhVBkW/kuJVgyiPOZAp9OGxNqUUmN8iUd0 iLjF6qZiO7QFwxgMgAE7glWiOsaomsXtRtVQwuqRlTcPPToPS8jekL7k/kUl315P OT1nu7uqc8P1GVlCpucEV3lfM77lc9ee4q/te3tQMpsRGbmVnegKwMm7L45jaVNC GrIKxazVKASL9gj/SsTgTIZEwJCxqg== =sBX6 -----END PGP SIGNATURE-----
