Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted restrictedpython 8.0-1 (source) into unstable
Date: Mon, 27 Jan 2025 21:09:04 +0000
Signed by: Colin Watson <cjwatson@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jan 2025 20:35:21 +0000
Source: restrictedpython
Architecture: source
Version: 8.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1084057 1094026
Changes:
 restrictedpython (8.0-1) unstable; urgency=medium
 .
   * Team upload.
   * debian/watch: Accept lower-case restrictedpython-*.
   * New upstream release:
     - CVE-2024-47532: Prevent information leakage via `AttributeError.obj`
       and the `string` module (closes: #1084057).
     - CVE-2025-22153: Disallow `try/except*` clauses due to a possible
       sandbox escape and probable uselessness of this feature in the context
       of `RestrictedPython`.  In addition, remove `ExceptionGroup` from
       `safe_builtins` (as useful only with `try/except*`) (closes:
       #1094026).
   * Use dh-sequence-python3.
   * Use pybuild-plugin-pyproject.
   * Switch to autopkgtest-pkg-pybuild.
Checksums-Sha1:
 dadb1b1736dc81d3a8559e1d90791457eb2c8e53 2315 restrictedpython_8.0-1.dsc
 7110249edde92a30cd0bea407ce1994c085d0f6f 448747 restrictedpython_8.0.orig.tar.gz
 23e612b87146d05a91ad773190b06d33a72382ff 4224 restrictedpython_8.0-1.debian.tar.xz
Checksums-Sha256:
 e9d6286c19ba9d4de922cfef9f956ee631c09a78fd8677cf91c8a9a952d2eb68 2315 restrictedpython_8.0-1.dsc
 3af2312bc67e5fced887fb85b006c89861da72488128b155beea81eb6a0a9b24 448747 restrictedpython_8.0.orig.tar.gz
 523507f4a881a9c0820e6ec9b42f0765197cbc6a91993244e5bb28f496f44346 4224 restrictedpython_8.0-1.debian.tar.xz
Files:
 d3ff80e433df206eca767131ad9c477a 2315 python optional restrictedpython_8.0-1.dsc
 324371e5ea45d254e68d4ea147ef2eab 448747 python optional restrictedpython_8.0.orig.tar.gz
 cfd48ca5b69639cbcfbc784f4e90d8ea 4224 python optional restrictedpython_8.0-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmeX7tkACgkQOTWH2X2G
UAsE8A/+JmG3v1EXmwCs/ZS1TgcALjxqN5o+4rH43IM3Ks7kJUWqmkwuZn1RTD+C
WAyJ2MueI0CY33+3LnPorLYv7M8SYZaX7gwgVgFA140uvfj2OaTMnXLYAmXSMB7I
NyWtZO9KJj2djAfnIOwdZ+SHaKVu585MenClLfh4500lPGbmjDdrdrHuL2rWbI1u
mC3Od08xju8Xwu19cOYB+hFrYOisOkrOqiLP24PcPhOUszYjPlY9X5FxgvhccVQn
S1MejTkMxKQfGn8qJZbKulUFgVF0Yql05kheo7zX2TYjFi4HlQzsXZb7rRe0PWt+
dwAyZXzvV2ILc31nX+orF1M0GJD8hJ9SC0bJkQ6R/JSVUYD84sxXwJgHZ96quZ86
7TjD3hhnrI3w036XOdE6mosU7GtpD9xXG0yxl8wCZYS6IqEE/7lVEouzhKHaSM7D
cuDUhxgq0u3s+zlW1QTH8kdEi2gR+/lv7Lawb9wf7aafImiDME9mdZO43wpx+pjp
HkDZfvq5zu1qyPj0VsnxOjbQexKiu/cYrdj4ZYamFN/uhGM6MzpFqpiyFpqyukJS
d3JVeg9XrTo2r52bHtwc0CFRiu2vP8nhrUDnT4zCcQF0EBtXCraWTeVHOvBC31fY
p0NEb/V0ojYbqK05MGvVuFDxdlPV/7XZZdlwGndMX4pkIya9FlU=
=1WPB
-----END PGP SIGNATURE-----

News for package restrictedpython