sqlparse - Debian Package Tracker

general

source: sqlparse (main)
version: 0.4.2-1
maintainer: Andrii Senkovych (DMD)
uploaders: Debian Python Team [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.2.4-1
o-o-sec: 0.2.4-1+deb10u1
oldstable: 0.4.1-1
stable: 0.4.2-1
testing: 0.4.2-1
unstable: 0.4.2-1

versioned links

0.2.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.2.4-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.4.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.4.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-sqlparse-doc
python3-sqlparse
sqlformat (1 bugs: 0, 0, 1, 0)

action needed

A new upstream version is available: 0.4.4 high

A new upstream version 0.4.4 is available, you should consider packaging it.

Created: 2022-09-27 Last update: 2023-09-29 22:34

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2023-30608: sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.

Created: 2023-04-19 Last update: 2023-06-11 06:30

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2023-30608: sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.

Created: 2023-06-11 Last update: 2023-06-11 06:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2022-07-30 Last update: 2022-07-30 12:17

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2021-32839: (needs triaging) sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2.
CVE-2023-30608: (needs triaging) sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-06-11 06:30

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-30608: (needs triaging) sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-06-10 Last update: 2023-06-11 06:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-12-17 19:17

news

[rss feed]

[2023-05-16] Accepted sqlparse 0.2.4-1+deb10u1 (source) into oldstable (Guilhem Moulin)
[2021-12-04] sqlparse 0.4.2-1 MIGRATED to testing (Debian testing watch)
[2021-12-01] Accepted sqlparse 0.4.2-1 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2021-01-27] sqlparse 0.4.1-1 MIGRATED to testing (Debian testing watch)
[2021-01-23] Accepted sqlparse 0.4.1-1 (source) into unstable (Michael R. Crusoe) (signed by: Michael Robin Crusoe)
[2020-05-01] sqlparse 0.3.1-1 MIGRATED to testing (Debian testing watch)
[2020-04-28] Accepted sqlparse 0.3.1-1 (source) into unstable (Andrii Senkovych) (signed by: Piotr Ożarowski)
[2020-01-21] sqlparse 0.2.4-3 MIGRATED to testing (Debian testing watch)
[2020-01-19] Accepted sqlparse 0.2.4-3 (source) into unstable (Sandro Tosi)
[2020-01-08] sqlparse 0.2.4-2 MIGRATED to testing (Debian testing watch)
[2020-01-04] Accepted sqlparse 0.2.4-2 (source) into unstable (Sandro Tosi)
[2018-09-05] sqlparse 0.2.4-1 MIGRATED to testing (Debian testing watch)
[2018-09-03] Accepted sqlparse 0.2.4-1 (source all) into unstable (Andrii Senkovych) (signed by: Piotr Ozarowski)
[2018-02-12] sqlparse 0.2.4-0.1 MIGRATED to testing (Debian testing watch)
[2018-02-06] Accepted sqlparse 0.2.4-0.1 (source) into unstable (Matthias Klose)
[2016-12-03] sqlparse 0.2.2-1 MIGRATED to testing (Debian testing watch)
[2016-11-13] Accepted sqlparse 0.2.2-1 (source all) into unstable (Andriy Senkovych) (signed by: Piotr Ozarowski)
[2015-11-20] sqlparse 0.1.18-1 MIGRATED to testing (Britney)
[2015-11-09] Accepted sqlparse 0.1.18-1 (source all) into unstable (Andriy Senkovych) (signed by: Piotr Ozarowski)
[2015-09-26] sqlparse 0.1.16-1 MIGRATED to testing (Britney)
[2015-09-20] Accepted sqlparse 0.1.16-1 (source all) into unstable (Andriy Senkovych) (signed by: Piotr Ozarowski)
[2014-11-05] sqlparse 0.1.13-2 MIGRATED to testing (Britney)
[2014-10-25] Accepted sqlparse 0.1.13-2 (source all) into unstable (Andriy Senkovych) (signed by: Piotr Ozarowski)
[2014-10-20] sqlparse 0.1.13-1 MIGRATED to testing (Britney)
[2014-10-09] Accepted sqlparse 0.1.13-1 (source all) into unstable (Andriy Senkovych) (signed by: Piotr Ozarowski)
[2014-08-16] sqlparse 0.1.11-1 MIGRATED to testing (Britney)
[2014-08-11] Accepted sqlparse 0.1.11-1 (source all) into unstable, unstable (Andriy Senkovych) (signed by: Piotr Ozarowski)
[2013-11-19] sqlparse 0.1.10-1 MIGRATED to testing (Debian testing watch)
[2013-11-08] Accepted sqlparse 0.1.10-1 (source all) (Andriy Senkovych) (signed by: Piotr Ozarowski)
[2013-08-17] sqlparse 0.1.8-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.4.2-1ubuntu1
patches for 0.4.2-1ubuntu1