[Bug 1993437] Re: Merge python-oauthlib from Debian unstable for l-series
Bryce Harrington
1993437 at bugs.launchpad.net
Wed Nov 9 01:14:06 UTC 2022
This bug was fixed in the package python-oauthlib - 3.2.1-2

---------------
python-oauthlib (3.2.1-2) unstable; urgency=medium

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster (oldstable)

 -- Jelmer Vernooij <jelmer at debian.org>  Sun, 16 Oct 2022 18:31:39 +0100

python-oauthlib (3.2.1-1) unstable; urgency=medium

  * New upstream version 3.2.1
    - Fixes CVE-2022-36087 (Closes: #1019710)
  * debian/patches/0001-Add-check-of-performance-of-ipv6-check.patch
    debian/patches/0002-Fix-IPV6-regex-used-to-check-redirect_uri.patch
    - Cherry pick upstream fix and tests for CVE-2022-36087. Many thanks to
      Salvatore Bonaccorso for the report.
  * debian/control
    - Bump Standards-Version to 4.6.1, no changes required.

 -- Daniele Tricoli <eriol at debian.org>  Wed, 14 Sep 2022 15:08:45 +0200

** Changed in: python-oauthlib (Ubuntu)
       Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-oauthlib in Ubuntu.
https://bugs.launchpad.net/bugs/1993437
Title:
  Merge python-oauthlib from Debian unstable for l-series

Status in python-oauthlib package in Ubuntu:
  Fix Released

Bug description:
  Scheduled-For: ubuntu-22.11
  Upstream: tbd
  Debian:   3.2.1-2
  Ubuntu:   3.2.0-1ubuntu1
### New Debian Changes ###

python-oauthlib (3.2.1-2) unstable; urgency=medium

  [ Debian Janitor ]
  * Remove constraints unnecessary since buster (oldstable)

 -- Jelmer Vernooij <jelmer at debian.org>  Sun, 16 Oct 2022 18:31:39 +0100

python-oauthlib (3.2.1-1) unstable; urgency=medium

  * New upstream version 3.2.1
    - Fixes CVE-2022-36087 (Closes: #1019710)
  * debian/patches/0001-Add-check-of-performance-of-ipv6-check.patch
    debian/patches/0002-Fix-IPV6-regex-used-to-check-redirect_uri.patch
    - Cherry pick upstream fix and tests for CVE-2022-36087. Many thanks to
      Salvatore Bonaccorso for the report.
  * debian/control
    - Bump Standards-Version to 4.6.1, no changes required.

 -- Daniele Tricoli <eriol at debian.org>  Wed, 14 Sep 2022 15:08:45 +0200

python-oauthlib (3.2.0-1) unstable; urgency=medium

  * New upstream version 3.2.0. (Closes: #1005931)
  * debian/copyright
    - Update copyright years.

 -- Daniele Tricoli <eriol at debian.org>  Fri, 18 Feb 2022 02:46:03 +0100

python-oauthlib (3.1.1-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Update Maintainer field with new Debian Python Team
    contact address.
  * d/control: Update Vcs-* fields with new Debian Python Team Salsa
    layout.

  [ Daniele Tricoli ]
  * New upstream version 3.1.1
  * Enable Salsa pipeline.
  * debian/control
    - Bump debhelper compat version to 13.
    - Bump Standards-Version to 4.6.0, no changes required.
  * debian/copyright
    - Update copyright years.
  * debian/patches/0001-Use-unittest.mock-instead-of-external-mock.patch
    - Drop since it was backported from upstream and it's included in this
      release.
  * debian/watch
    - Bump debian/watch to version 4.

 -- Daniele Tricoli <eriol at debian.org>  Wed, 25 Aug 2021 16:51:46 +0200

python-oauthlib (3.1.0-2) unstable; urgency=medium

  [ Debian Janitor ]
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.
  * Update standards version to 4.5.0, no changes needed.

  [ Daniele Tricoli ]
  * Add upstream patch to use unittest.mock instead of external mock.
    Thanks to Ondřej Nový for the report. (Closes: #962937)
  * Remove python3-mock dependency.
  * Fix lintian runtime-test-file-uses-installed-python-versions.

 -- Daniele Tricoli <eriol at debian.org>  Wed, 17 Jun 2020 02:52:07 +0200

python-oauthlib (3.1.0-1) unstable; urgency=medium

  * New upstream version 3.1.0 (Closes: #919533)
  * Use python-pytest for testing as upstream.
  * debian/control
    - Bump compat version to 12.
    - Specify Rules-Requires-Root: no.
  * debian/copyright
    - Update copyright years.

 -- Daniele Tricoli <eriol at debian.org>  Sun, 27 Oct 2019 20:22:14 +0100

python-oauthlib (2.1.0-2) unstable; urgency=medium

  * Team upload.
  * Use debhelper-compat instead of debian/compat.
  * Bump Standards-Version to 4.4.1.
  * Drop Python 2 support (Closes: #937964).

 -- Ondřej Nový <onovy at debian.org>  Mon, 14 Oct 2019 10:42:07 +0200

python-oauthlib (2.1.0-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/control: Set Vcs-* to salsa.debian.org
  * d/control: Remove ancient X-Python-Version field
  * d/control: Remove ancient X-Python3-Version field
  * Convert git repository from git-dpm to gbp layout

  [ Daniele Tricoli ]
  * New upstream release.
  * Add debian/gbp.conf.
  * Make sure autopkgtests test the installed version of oauthlib.

### Old Ubuntu Delta ###

python-oauthlib (3.2.0-1ubuntu1) kinetic; urgency=medium

  * SECURITY UPDATE: DoS via malicious redirect uri
    - debian/patches/CVE-2022-36087-1.patch: add check of performance of
      ipv6 check in tests/test_uri_validate.py.
    - debian/patches/CVE-2022-36087-2.patch: fix IPV6 regex used to check
      redirect_uri in oauthlib/uri_validate.py, tests/test_uri_validate.py.
    - CVE-2022-36087

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 16 Sep 2022 10:26:11 -0400