Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted setuptools 52.0.0-4+deb11u2 (source) into oldstable-security
Date: Tue, 27 May 2025 11:50:21 +0000
Signed by: Lee Garrett <lgarrett@rocketjump.eu>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 27 May 2025 12:05:29 +0200
Source: setuptools
Architecture: source
Version: 52.0.0-4+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Lee Garrett <debian@rocketjump.eu>
Changes:
 setuptools (52.0.0-4+deb11u2) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Team.
   * Fix CVE-2025-47273:
     - Path traversal in PackageIndex.download leads to Arbitrary File Write.
Checksums-Sha1:
 9fb2e70b21c854745d201e071ae7d6479b9703e4 2780 setuptools_52.0.0-4+deb11u2.dsc
 b1a0f468627157c4453dc023feb27862f165141e 17016 setuptools_52.0.0-4+deb11u2.debian.tar.xz
 34ac186d4870e5e83f0fd89835b387542255d88f 9134 setuptools_52.0.0-4+deb11u2_amd64.buildinfo
Checksums-Sha256:
 8ca363cb4ee1fc3030e284082d67445804b3096ee7746d3af41d3d22d7c9bbfa 2780 setuptools_52.0.0-4+deb11u2.dsc
 8cc05d8971b5e6b3d92611cbaf9038b0f92e5d1c85d96393ea7f78b964c3644d 17016 setuptools_52.0.0-4+deb11u2.debian.tar.xz
 19580877bd85e9db5291f8a3d7b48dbcfb123f4b5b188c8a8709c174ec4a7bc1 9134 setuptools_52.0.0-4+deb11u2_amd64.buildinfo
Files:
 d4206ccd7d5b9fcf712ef3742b6a5978 2780 python optional setuptools_52.0.0-4+deb11u2.dsc
 54502ddeb194ef886cf3e2f04d586737 17016 python optional setuptools_52.0.0-4+deb11u2.debian.tar.xz
 d8cb1a89f785c86511b25040da15a393 9134 python optional setuptools_52.0.0-4+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmg1pEMACgkQ1gShxII+
4PgBOx/9HurRX1B7U51ME0svk97Q+e3N9UUIwjyDqxZYWQGHnk45aW/mp6+yQIqr
7Qb5fLOaTlk7SkMZ2J0DVRP3xazlQkvC368fZotZMDpWekSVgGozfggQ1YOv+ZTA
IJi1VVRytGnQmAg90PFpX40EFjdqN5gK8jGvWd20R3RKUHnnwmJ9vVuep/R3fm4U
WaTsTgmGHGgB17S++yUAEJ1FVH8QlftiLIqcUOAMGH6210ejwEZWlCmnj/gYe0zK
pj8fThwpTRi9fSU3oWZUIyyuZL88KcP3aw9HqJuU4WPGA6PHFyl6BMcJe6osukMp
+i3LZdyQ3u6rxW8VCGg3M1ftAe4gSsol4T/YeU94Q3nTiN59qO53ld3gSAFpfOte
tQ+FRWL5tJ/YSgv4Y0JHFTfZ9JN8yvVJZ1BuBafneQqOZkYgQYFHUJN4fCVG/M7Q
6UsZIJakCBVzOYQJX8hoOA2NMBdinwEYZhChBkhI/heeFqNMxo4wg6Yv2sVENli6
LmWYfE1/XWBkMg0ECxxxgazRq6p+T4Y6jIU9BgqEja/jcS6P4KwJVRA+uN2Tm+qq
Wbz/ZRB385XsA9hSeHlfD+NqDo45LKxj5QHB84KTyoQQ72lW2bTJRy5WqNR5ZcGA
DcmssFy+64gN10ZcMvOUzxZhB+UtptcsnVVWSWvk/+6X0Wz4W/JCH4HsK1iidmXS
15wNr3zcJv8c1ywiUCfdct92N7gOdgsGg3sBRk1yr3+WHrw8L3XpYoDDFIwFce+D
8gaTIz8JUQfypX3+rOsljg+E+wOGY5KPIcooIe7/dgLRUxhb9EnrzfFrpjExReuF
UXj2fqamLKQHrlU+xvdRZKGMveHKB6ujNs9fy4ZzljLj6Z3ACkf2EYTqxpLsw4XO
BbPhBLIipNwwZfHPTDuitrClUGm2ggGNjTiSUGHTDp6wrMFZSGJAUOYLJNGUR19n
ygjTj7l0loHOQEbkMyLcGgh4bOaglitYrX0ocGCLsPWsdskaGbsr2ayCbozxGNIj
1CnMxEvulINXjUIVhm2JW5uPg0F4yha11Vlc+/HJ0M6gtuUSYpuGfPo0ZWl/qZLV
nohja7kghk1+J3Xv9aOKk5hU4Z4k5BMN61g0uEnNnNl0FzfM3Ub+4daL7nud3wjd
UjlOBxRVT3rBzfckJU5N1PQO84mYqSy4b9Bx08ip3LzMPeLJFnRs8c0NYrzfX6Xx
MOGbicwDNvwAOsk7QBsD2dTSfkr3qtyLiQZqmkZ3AbCiNmPbh7QL2Hkv9RyD/oCF
jfTPtEAUR/FeVJij0xp77E+oxh0bA93oiQpL8lvizRyXdDlmy9oQFfyqUX2ft0S2
AWqW1ppYDpWvv88/WqGtKad4FG9eNA==
=cH3E
-----END PGP SIGNATURE-----

News for package setuptools