Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted setuptools 78.1.1-0.1 (source) into unstable
Date: Tue, 27 May 2025 15:01:10 +0000
Signed by: Lee Garrett <lgarrett@rocketjump.eu>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 27 May 2025 15:19:40 +0200
Source: setuptools
Architecture: source
Version: 78.1.1-0.1
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Lee Garrett <debian@rocketjump.eu>
Closes: 1105970
Changes:
 setuptools (78.1.1-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Update to upstream 78.1.1 which fixes CVE-2025-47273 (Closes: #1105970)
     - Path traversal in PackageIndex.download leads to Arbitrary File Write.
   * debian/watch: Update URI to https.
Checksums-Sha1:
 55337a0aeb077e7d4273d19f82e9b9a5598a6c4a 2843 setuptools_78.1.1-0.1.dsc
 b752a80ce7dc2541ed53731347844516a80830ab 1368163 setuptools_78.1.1.orig.tar.gz
 11d61d49d906d8079b3b6c8ff4ad94c1c405c091 15532 setuptools_78.1.1-0.1.debian.tar.xz
 5e81821176217ccf66736e93f8173e83873c4a2e 8629 setuptools_78.1.1-0.1_amd64.buildinfo
Checksums-Sha256:
 d0425d9385c8ad1cd5635b222dd90e1964c03de4ed3b1484317e912f0aac7e39 2843 setuptools_78.1.1-0.1.dsc
 fcc17fd9cd898242f6b4adfaca46137a9edef687f43e6f78469692a5e70d851d 1368163 setuptools_78.1.1.orig.tar.gz
 cf74bf9817f5eba7bc9bfcfbdce16ec57ba89c38280e5004b97e7caa9e1c9361 15532 setuptools_78.1.1-0.1.debian.tar.xz
 5ec0fc01762b9d227d1afef9f816c4aa0c4f98d0cd0083d727072a6a64f65bc8 8629 setuptools_78.1.1-0.1_amd64.buildinfo
Files:
 ccd15c5e3aa5e150002c2612e29fb075 2843 python optional setuptools_78.1.1-0.1.dsc
 ce1332cf70b71d9a481ff5a9cd3ff7df 1368163 python optional setuptools_78.1.1.orig.tar.gz
 ca2c4903e55e73eca2a6c2ae6082fc11 15532 python optional setuptools_78.1.1-0.1.debian.tar.xz
 f9c8c9b11b25c5e7201c6f92ca796082 8629 python optional setuptools_78.1.1-0.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEE2EfGJRCpwv8kLOAs1gShxII+4PgFAmg1w3wACgkQ1gShxII+
4Pg3YyAAgtbIVLrhI0MczGCZUaa/A7EMecAjC0/pGj/zSR01/9DEAAmOymvB+FSB
IlJvgcoUOQFUp45kwjmMXea65PLsoCxToElzQFOsT8YeOtJoCwkoXoHkKxBNBd7G
w0onJB44iL1xYUJnwteEyf7zPx4j6mtm+mhxpJbH00qQExmzTvafa7V2uda37Jan
ymFQ+Synx0lD1evrXGPSumh0RPgprXW7aKn/VmzENOkF1ww0orinxr4MESQ4adnp
CN9HPegtAMWY1OuIXuqNm9Y9s4gzBESB0OrZT3COzDq0/Xo9nom4VAohSleIaYrr
ls7udUaHt+KcjrlOuZjoF9lbGxFSGuMYmHGdn1AbS58+Q2oe+AJPBwV3kZwRhZey
3XA3BIAMWezHj0Fe8+ZjSm+QI8IRrLvjJlFBG1d+lXddeJCBQK1wrqQhNaK+3Tyj
2W4/YbGxhXjCo27yx1KbftbnZizcvH5azY2bjf65cTm6Ld7wfKPReeloycAHPrKt
6Aqplj+QWNeliKJJWeDSs5R0oc8gYpeUEF2TOtg0fVa6fdnikfoaEj8dowrgjWXJ
XJtkW8lG/7+l+qp6MCxb6dIGz6fWasK0baU95rRf5/T5CBUVU1dTU6Uxxt7rD/Ic
H04kFvPUt0cc7waoZYnAz+iMRS+Xv32OuMXb70iDEQcWKGWcnGaIDnUtWc1MYdGU
691pzq9d6fDosKnvuvEtAPGVvBoNe4GXPojMDEkQYJxhKXUwxZwBOHh2kEZ6R1Rn
MJn72UvcEgST0Yu6cOebblLeZ+psVHbISI6ZwyoSJGeZo/Hrr5/y5hLx0NZ7XFWt
WcGdsmoPOD9207ffBXvzxOkPXPMU9aN1bZEptkIdVF3FerFa6a0vKp0uthyEpto4
bVBwKtJ9dMlnE0o1antjszIC+Kg+5Fd+pKRdo3UGTv/h+Y+nNYinOExGuy+K9L3Q
KotPB3/g/NafZveK54qEk0/9SFVlhRl9cXsIU6svcv+WrEj2X1FkcOIEDLLwUi9a
5vH+QFb7S01jb6C7JiKl16d+DS6gnk+XYzb4VHAm1RVX0xeOqEfsA/K2qx6IU+iN
pxgP5KH1/pNM0OHo4rL1FbMKAyvrg/9cKQ4o4TgmklZ2dlDttshRbOY5AlW8nwQe
fGjiyXVeV/8X5UuOW0hNh9y1ZIQmTFcm5Nh0M1U68UCqEl7jFEvpUSL9MKc7zjp7
BWivHFb3xgZXYS11+EZq1QJKOu88hUanI60F1rFrJATup7sLZCKgPQjObBZAkof2
9GJLR3DiadidC4KdiOHLxjz00g6pUaYC5tVZrOeN4DC8yDy54cq6AiL69EQa4gAm
frr5xTIT7ns6nUizTPqD9mn5F+0CTw==
=ojeB
-----END PGP SIGNATURE-----
News for package setuptools
