[Python-modules-team] Bug#781813: python-restkit: CVE-2015-2674: incorrect SSL/TLS certificate validation

severity 781813 grave thanks On Fri, Apr 03, 2015 at 02:23:54PM +0200, Salvatore Bonaccorso wrote: > Source: python-restkit > Version: 4.2.2-1 > Severity: important > Tags: security upstream > > Hi, > > the following vulnerability was published for python-restkit. > > CVE-2015-2674[0]: > Doesn'

[Python-modules-team] Bug#799725: Please remove alternate build deps for gstreamer 0.10

On Mon, Sep 21, 2015 at 01:42:13PM -0700, Vincent Cheng wrote: > On Mon, Sep 21, 2015 at 1:31 PM, Moritz Muehlenhoff wrote: > > Source: kivy > > Severity: normal > > > > Hi, > > kivy is using gstreamer 1.0, but still has alternate build-deps/deps > > on gstreamer 0.10: > > > > libgstreamer0.10-dev

[Python-modules-team] Bug#789824: ipython: CVE-2015-4707: XSS in JSON error responses

On Wed, Jun 24, 2015 at 10:29:20PM +0200, Salvatore Bonaccorso wrote: > Source: ipython > Version: 2.1.0-1 > Severity: important > Tags: security upstream fixed-upstream > > Hi, > > the following vulnerability was published for ipython. > > CVE-2015-4707[0]: > IPython XSS in JSON error responses

[Python-modules-team] Bug#781640: Downgrading bug severity

On Fri, Jun 05, 2015 at 12:17:56PM +0200, Moritz Mühlenhoff wrote: > On Fri, Jun 05, 2015 at 03:58:23AM +0200, Daniele Tricoli wrote: > > Hello, > > > > On Sunday 31 May 2015 12:00:17 Moritz Mühlenhoff wrote: > > > What's the status? > > > > Sorry

[Python-modules-team] Bug#781640: Downgrading bug severity

On Fri, Jun 05, 2015 at 03:58:23AM +0200, Daniele Tricoli wrote: > Hello, > > On Sunday 31 May 2015 12:00:17 Moritz Mühlenhoff wrote: > > What's the status? > > Sorry for the delay! I cherry picked and adapted the patch for pyjwt > version in Jessie. I w

[Python-modules-team] Bug#781640: Downgrading bug severity

On Mon, Apr 13, 2015 at 04:25:24PM +0200, Daniele Tricoli wrote: > On Saturday 11 April 2015 14:50:19 Luke Faraone wrote: > > However, the package is vulnerable to the other issue: > > > > - If the secretKey was expected to be a RSA public key, but the attacker > > changed the header to indicate a

[Python-modules-team] Bug#726093: python-scipy: CVE-2013-4251: weave /tmp and current directory issues

On Wed, Oct 23, 2013 at 08:04:17AM +0200, Salvatore Bonaccorso wrote: > Hi Julian, > > On Wed, Oct 23, 2013 at 01:16:36AM +0200, Julian Taylor wrote: > > On 22.10.2013 08:43, Salvatore Bonaccorso wrote: > > > Hi Julian, > > > > > > Cc'ing Julian directly as per short discussion on IRC. > > > > >

[Python-modules-team] Bug#656931: pyxine: FTBFS with xine-lib-1.2

On Sun, Jan 22, 2012 at 10:55:34PM +, Darren Salt wrote: > Source: pyxine > Version: 0.1alpha2 > Severity: important > Usertags: xine-lib-1.2 > > I intend to upload xine-lib-1.2 to unstable soonish. > > pyxine FTBFS with libxine-dev from experimental. There are several changed or > removed in