Source: python-pymysql
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for python-pymysql. We should
also fix this in a DSA, could you prepare debdiffs for bookworm-security
and bullseye-security?

CVE-2024-36039[0]:
| PyMySQL through 1.1.0 allows SQL injection if used with untrusted
| JSON input because keys are not escaped by escape_dict.

https://github.com/advisories/GHSA-v9hf-5j83-6xpp
https://github.com/PyMySQL/PyMySQL/commit/521e40050cb386a499f68f483fefd144c493053c (v1.1.1)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-36039
    https://www.cve.org/CVERecord?id=CVE-2024-36039

Please adjust the affected versions in the BTS as needed.
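
An application-side guard for the condition the CVE describes, added here as an illustration and not part of the original report or of PyMySQL's code: it rejects JSON-decoded values that are not scalars before they are bound as query parameters, so a JSON object (decoded to a dict, the type escape_dict handles) never reaches the driver. The function names, field names and sample request bodies are constructed for this example.

```python
import json
from datetime import date, datetime
from decimal import Decimal

# Types accepted as a single bound SQL value. Containers are left out on
# purpose: a JSON object decodes to dict, a JSON array to list. Rejecting
# lists as well is a conservative choice made for this example.
SCALARS = (str, bytes, int, float, bool, Decimal, date, datetime, type(None))


def check_params(params):
    """Return params as a tuple; raise TypeError if any value is not a scalar."""
    checked = []
    for index, value in enumerate(params):
        if not isinstance(value, SCALARS):
            raise TypeError(
                f"parameter {index}: {type(value).__name__} is not a bindable scalar"
            )
        checked.append(value)
    return tuple(checked)


def params_from_json(body, fields):
    """Decode an untrusted JSON body and return `fields` as checked parameters."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise TypeError("request body must be a JSON object")
    return check_params([doc.get(name) for name in fields])


# Constructed sample bodies: the second one supplies an object where the
# application expects a string.
GOOD_BODY = '{"user": "alice", "age": 30}'
NESTED_BODY = '{"user": {"alice": 1}, "age": 30}'

if __name__ == "__main__":
    for body in (GOOD_BODY, NESTED_BODY):
        try:
            params = params_from_json(body, ("user", "age"))
            # Intended use (cursor is a hypothetical open PyMySQL cursor):
            # cursor.execute("SELECT id FROM users WHERE name=%s AND age=%s", params)
            print("accepted:", params)
        except TypeError as exc:
            print("rejected:", exc)
```

The guard complements the upgrade to the fixed version rather than replacing it; it also gives the application a place to log requests whose field types do not match the expected schema.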