vcswatch reports that
there is an error with this package's VCS, or the debian/changelog file inside
it. Please check the error shown below and try to fix it. You might have
to update the VCS URL in the debian/control file to point to the correct
repository.
fatal: unable to access 'https://salsa.debian.org/debian/python-marshmallow.git/': HTTP/2 stream 1 was not closed cleanly before end of the underlying stream
1 issue left for the package maintainer to handle:
CVE-2025-68480:
(needs triaging)
Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.
Among the 2 debian patches
available in version 3.26.2-0.1 of the package,
we noticed the following issues:
2 patches
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.7.4 instead of
4.7.3).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/p/python-marshmallow.png){kind=link}