#47319 - python-lxml is vulnerable to CVE-2021-28957

Package	Source(s)		Maintainer(s)
guix		PTS Buildd Popcon

Message #19 received at 47319@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47319) by debbugs.gnu.org; 5 Apr 2021 23:56:46 +0000
From debbugs-submit-bounces@debbugs.gnu.org Mon Apr 05 19:56:45 2021
Received: from localhost ([127.0.0.1]:38871 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lTZ5J-0003Pb-ML
	for submit@debbugs.gnu.org; Mon, 05 Apr 2021 19:56:45 -0400
Received: from world.peace.net ([64.112.178.59]:44268)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@netris.org>) id 1lTZ5I-0003PP-2M
 for 47319@debbugs.gnu.org; Mon, 05 Apr 2021 19:56:44 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@netris.org>)
 id 1lTZ5B-00013W-SD; Mon, 05 Apr 2021 19:56:37 -0400
From: Mark H Weaver <mhw@netris.org>
To: Leo Famulari <leo@famulari.name>, 47319@debbugs.gnu.org
Subject: Re: bug#47319: python-lxml is vulnerable to CVE-2021-28957
In-Reply-To: <YFori3lHDKLjAEyE@jasmine.lan>
References: <8e3d68f9e674d1556bf2ba6baff0e72c069a2673.camel@zaclys.net>
 <YFori3lHDKLjAEyE@jasmine.lan>
Date: Mon, 05 Apr 2021 19:54:54 -0400
Message-ID: <87wntg5lsm.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47319
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Leo Famulari <leo@famulari.name> writes:

> On Mon, Mar 22, 2021 at 03:09:24PM +0100, Léo Le Bouter via Bug reports for GNU Guix wrote:
>> Has lots of dependents so I suppose it needs grafting? Is that useful
>> and does it work for Python packages?
>
> Grafting Python packages is not something we've done in the past, as far
> as I can tell from reading the Git log, although I don't recall know if
> it works or not.

I see no reason why grafting a python package wouldn't work, although
admittedly my knowledge of Python is weak.

      Mark

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 01:47:35 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#47319 python-lxml is vulnerable to CVE-2021-28957