Format: 1.8
Date: Sat, 06 Nov 2021 22:27:44 +0100
Source: sqlalchemy
Architecture: source
Version: 1.0.15+ds1-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 sqlalchemy (1.0.15+ds1-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-7164 and CVE-2019-7548:
     Two SQL injection vulnerabilities were discovered in SQLAlchemy, an SQL
     toolkit and Object Relational Mapper for Python, when the order_by or
     group_by parameters can be controlled by an attacker.
     Warning: The text coercion feature of SQLAlchemy is rarely used but the
     warning that has been previously emitted is now an ArgumentError or in
     case of the order_by() and group_by() parameters a CompileError.