• Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"

    From yokota@21:1/5 to All on Fri Mar 24 01:00:01 2023
    Hello, Python maintainers.

    The Debian "py7zr" package has security issue CVE-2022-44900,
    and this issue affects the Debian "calibre" package because "calibre" depends
    on this "py7zr" module.
    https://tracker.debian.org/pkg/py7zr

    Please examine Debian bug report 1032091, and fix this issue.
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032091

    The Debian release system will auto-remove these packages from the testing distribution on Wed 12 Apr 2023.

    Thanks,
    --
    YOKOTA Hiroshi

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sandro Tosi@21:1/5 to All on Fri Mar 24 02:10:01 2023
    > The Debian "py7zr" package has security issue CVE-2022-44900,
    > and this issue affects the Debian "calibre" package because "calibre" depends on this "py7zr" module.
    > https://tracker.debian.org/pkg/py7zr
    >
    > Please examine Debian bug report 1032091, and fix this issue.
    > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032091
    >
    > The Debian release system will auto-remove these packages from the testing distribution
    > on Wed 12 Apr 2023.

    Feel free to provide a patch to fix it. Upgrading to newer upstream
    releases is prohibitive given the increasing amount of
    additional/frivolous dependencies upstream decided to rely on.

    --
    Sandro "morph" Tosi
    My website: http://sandrotosi.me/
    Me at Debian: http://wiki.debian.org/SandroTosi
    Twitter: https://twitter.com/sandrotosi

  • From yokota@21:1/5 to All on Sat Mar 25 05:00:01 2023
    Hello, Sandro.

    > Feel free to provide a patch to fix it. Upgrading to newer upstream
    > releases is prohibitive given the increasing amount of
    > additional/frivolous dependencies upstream decided to rely on.

    Thanks for your quick response.
    I have pushed a merge request to the Debian salsa repository about this issue.

    https://salsa.debian.org/python-team/packages/py7zr/-/merge_requests/2

    --
    YOKOTA
