-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 28 May 2024 08:56:57 +0200 Source: python-pymysql Architecture: source Version: 0.9.3-2+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1071628 Changes: python-pymysql (0.9.3-2+deb11u1) bullseye-security; urgency=medium . * CVE-2024-36039: PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. Applied upstream patch: forbid_dict_parameter.patch (Closes: #1071628). Checksums-Sha1: 357ba0df0ea70e74d0756d7a7138876b80f7f5d4 2324 python-pymysql_0.9.3-2+deb11u1.dsc 26207ac507e7b9593816d9b060e52d7a9a9d2eec 86715 python-pymysql_0.9.3.orig.tar.gz 39eca8afcd43dc3670c08dfe9073298933be4c30 6648 python-pymysql_0.9.3-2+deb11u1.debian.tar.xz 3954f2d613ca33a11791dd0964be91318e845357 9750 python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo Checksums-Sha256: 9daa9535965b2ea9dff2034a2feb571d657ec2eaa60bb68a289c479d1cadd569 2324 python-pymysql_0.9.3-2+deb11u1.dsc 5a85599a69b51db185f9447ba5034501482496e481574bce972c7dcb5abe1d57 86715 python-pymysql_0.9.3.orig.tar.gz ca3565d650c580e509598b5e7dfb550c16c863e3c739d33b52757e6bf8bc483c 6648 python-pymysql_0.9.3-2+deb11u1.debian.tar.xz 07195d35181d6fb4356782121c345e9b9156e1861777cfc17a68f9f9a64dffbc 9750 python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo Files: 1b4617b1718a045ffcd17122130c6b67 2324 python optional python-pymysql_0.9.3-2+deb11u1.dsc 7afad735628571b6fffd74086ce451b7 86715 python optional python-pymysql_0.9.3.orig.tar.gz 65545c35069130e979b35320e91c9182 6648 python optional python-pymysql_0.9.3-2+deb11u1.debian.tar.xz e9763923b6b442a29b8de2ab7e6c7b04 9750 python optional python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmZWzvMACgkQ1BatFaxr Q/4LdRAAkRb25uh0rg3P+SHY66zh1UtAI0FzFBW1K39JO44Usu/39rch8KWONR3z izrPSDia2dgbrcs6EVlJO4kp/9RY1Ri0GDrx+Aeuu8GJDgFDEYTx0qwOmGBJMpXU oQ8awoAHlKpm4maLNx9MonFDNIuZRvVS2iDAuDohxXrN+WPbGd8izRdTahmvFOIA 0sfa4uLwwrspV+xxte+3edr8nGRCu3UlC3m5mW+s0pRvltqZ7pAKBocqCNEua3hm jRELrRgfINjzgdol24Dc78J9AE3xEBKrW0g5jW3HeHdV5yFpiGaegWQq2r+s2lx7 YayUk09WoFP63/hSmhlhSuVo3hlTy4qZO0SzKqPjNlKanCsL2l9lPwbjh8O+iLex 2tQzmUYwm5OiZ0nUJ4CpYSUYSjvZdKo6oTCvPx0Y8fSP60xmYWH2nL3w8RN271st zEfPhHs8RIEpidDSHu1jWYfzVT0iaey71HxPJdFvZWZ3Xr/sYxYUVfCmWfkylVkE UP3jd8pmJEaQeFiF+5u8aaRSFtJ6Hr1ElTx4WC/lOiXHOJGMXvqM3YrCb7+/DegL ALIRPOpf+uE+//fUS6c1xXqJhA5vMc3p9c6SncCQHxCB8CDF3RTaG100Aybtpe9L e6n4gjb4CechQIgQs39I5z9gjd3KXR1BnmHEpD1RccvkrQZVBR0= =w+cC -----END PGP SIGNATURE-----