Accepted pyyaml 5.3-2 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 06 Mar 2020 21:56:58 -0500
Source: pyyaml
Architecture: source
Version: 5.3-2
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Scott Kitterman <scott@kitterman.com>
Closes: 948492 953013
Changes:
pyyaml (5.3-2) unstable; urgency=high
.
[ Emmanuel Arias ]
* Call python2 instead of python in autopkgtest. (Closes: #948492)
* d/control: python-yaml-dbg depends on python2-dbg instead of python-dbg.
- Patch by Matthias Klose.
.
[ Debian Janitor ]
* Bump debhelper from old 11 to 12.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Name,
Repository, Repository-Browse.
.
[ Scott Kitterman ]
* Add d/p/CVE-2020-1747.patch due to command injection vulnerability
(Closes: #953013)
- Resolves CVE-2020-1747: arbitrary command execution through python/
object/new when FullLoader is used
* Bump standards-version to 4.5.0 without further change
Checksums-Sha1:
e52ba8c1f3e534b87df22731346057d47c1d4985 2289 pyyaml_5.3-2.dsc
81719e7c20d96d80f4e61978fc15c182a029df82 8208 pyyaml_5.3-2.debian.tar.xz
16daad82bc85488d7e13520ccfe39ebf097b5e0d 5972 pyyaml_5.3-2_source.buildinfo
Checksums-Sha256:
31ba4a5253deebbc95915b51d7e5c9cb3412550b85481df12bdfbd83fb7f48d3 2289 pyyaml_5.3-2.dsc
b4d944a1d021042ba8b0a8c4467d5982ab1af9b46fea758dce4a7a01309a919b 8208 pyyaml_5.3-2.debian.tar.xz
77d54aebca244ab7bc947abb5139115d17a90b5f6a6cbfd55a483f7a642989b8 5972 pyyaml_5.3-2_source.buildinfo
Files:
439096e75ff4e5476d7a8cd1e6a4b093 2289 python optional pyyaml_5.3-2.dsc
ffdd216f5aa73caa8913944c3cef4a22 8208 python optional pyyaml_5.3-2.debian.tar.xz
46e520080ca3dafb4c72d93a89585683 5972 python optional pyyaml_5.3-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE53Kb/76FQA/u7iOxeNfe+5rVmvEFAl5jD1kACgkQeNfe+5rV
mvF11Q//cDje4OA0Cm6jVD6cxazoZf6GCOU0fnwLQ0A4R4rVAaKnsdFBnuHREmzC
Cd2x2fxiotNtBjPhz5b3aRESCrQ88VALgclaQlR8E2uSBzImhGxf9HYyIbFmcD3e
1AnODHwFa973Y34MlFOjUwCEVMrIQRLnHL6+/Y59HR7uNYFljRlS2F5XT8rmc0It
HGMWrhjjP/8ljv6SSNaVw6dwXxQrT1qfPsoL0Ge5VY5AjMnhgKFlptGxGjve722x
JhyS+kwGfp/7yfPMemkLGZgjgEenVAcbtw5p0IlyGBemH/E8LHWEkkVSygudzsdD
HVSUoNeV+w4yMj1Kb6IsGz3LVNK71LarlElFjI7QNpyDAx+ifBENBGKY04FVK49S
BkeWO3bFw/VrQu+pxe44A4eSGYJhSObcNG6V2p8kcn5FpuLXg89kjJVwvvvDUEMV
kzJWB+4S3NE4gTLeT2KUNt52vCUHl6lcJtrL2cDS0yfFPFLKX0Vunra5KKqiFGhI
R85xNJJg66KvnLsbb7DRLy0+jEo3EHYuj/I5q6tzKTyNqW63mhKvExaS8/DH5G1H
zVgHpyZ2C/DVPXbooxuIWxtx6Z5Wo2TL6mCRGOrbxl+ZLYQW+QAQL7mi5wD8sbG2
g6MU1bybG83Bc8Zx80W1KUUN5Zjtb8JVOO2PnPry4KcLCUkYMKU=
=ySwm
-----END PGP SIGNATURE-----