Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted python-babel 2.8.0+dfsg.1-7 (source) into unstable
Date: Thu, 13 May 2021 21:04:15 +0000
Signed by: Thomas Goirand <zigo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 01 May 2021 17:13:14 +0200
Source: python-babel
Architecture: source
Version: 2.8.0+dfsg.1-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 987824
Changes:
 python-babel (2.8.0+dfsg.1-7) unstable; urgency=medium
 .
   * CVE-2021-20095: Relative Path Traversal in Babel 2.9.0 allows an attacker
     to load arbitrary locale files on disk and execute arbitrary code. Applied
     upstream patch: Run locale identifiers through `os.path.basename()`.
     (Closes: #987824).
Checksums-Sha1:
 d6ce076bc41c0e6bc1c1de23820a906e35b0f919 2343 python-babel_2.8.0+dfsg.1-7.dsc
 de48785b69c243851347c0cf1378746d12327603 13700 python-babel_2.8.0+dfsg.1-7.debian.tar.xz
 f7e5843ef42090d9bbf26ec44a01042879e68d98 8258 python-babel_2.8.0+dfsg.1-7_amd64.buildinfo
Checksums-Sha256:
 a88c1f9bee68819f2677f8e5864811d3aca558dc1edbf94a5f3308449f60bc16 2343 python-babel_2.8.0+dfsg.1-7.dsc
 5a429cf185cc77af648204459cd7e7a0f41f15189a6c639b35af1baece9e129b 13700 python-babel_2.8.0+dfsg.1-7.debian.tar.xz
 48efaa600a43e7c904f781f4243a25d0219d53ac44fec602a061d33f4a9a92ee 8258 python-babel_2.8.0+dfsg.1-7_amd64.buildinfo
Files:
 808d29ee3b11b0286e18e88cbe8e9620 2343 python optional python-babel_2.8.0+dfsg.1-7.dsc
 47ef1a56dd29ab0dab5c216d428429a6 13700 python optional python-babel_2.8.0+dfsg.1-7.debian.tar.xz
 c206635bf7a07df5a3cc5a8282f4417e 8258 python optional python-babel_2.8.0+dfsg.1-7_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmCdkNEACgkQ1BatFaxr
Q/6xZQ//XQ1i1tfQmg+UvRQv+MwcMGXRtvylzGteMGm7YY9bYDzr2les5Mz7KtEm
J/lc4ZIuqFrhiPmNw8LsBm2iG1Jkq+YQaBqx2eETfHlJKom3FcjvitRsAh4Woh9O
XybviDqg+GTjPusqCjQ4+VpBm4XCilt81BLV0G6kVJBNs4bUwiCiOZzQkmTQR4Xl
/etPOF5viT8QiIIo7AA9wwsukKuUFmypXFhI1Gp5C3k6DX1GmRqfOLEj+AcWp0KK
BjcxysAhHkioH7YF3Qg4SMF6w/2Z1FNU+daeMNMMfHQuFNRX2r2liIxShfjQwpAW
YnwpS6LqH6jLjhXkUxg9w4xWTfviLC8uhKyyFejZtwN//zRZ7eEHwAMK4m29XRhB
NeCCBIpxwUf6vPjkLQSNyBlCdMUb5/OiGfKpheCJ0Yxy4Lve3VxzTKVgO/I8YzAU
p/HgZUoP0BOXQZw7BW1bJbJWOZnxTRdEFKAPbMNYJwvRhRMwOsa2s0sEcvfBDIw6
XFBq8/RNckDNJ1JfadTMHjqlx7LzMh+N2TWyrjQ2AgpPD4SAzAmcJ2AsShYhIcqh
9Jn8CdirX382qxn/iI0EmmEqAuaL5R6HPWgvSooyGTRXW6bal2tKDdvmJWwS0sC7
HliuVH1DEwn4fkkw4z2/HOpbjrTJOtYNY2UmQKTGEaPm9i58R+Y=
=AqZn
-----END PGP SIGNATURE-----

News for package python-babel