[Bug 1891484] Re: python-pymysql ftbfs in focal

Launchpad Bug Tracker 1891484 at bugs.launchpad.net
Thu May 30 11:34:59 UTC 2024 

This bug was fixed in the package python-pymysql - 0.9.3-2ubuntu3.1

---------------
python-pymysql (0.9.3-2ubuntu3.1) focal-security; urgency=medium

  * SECURITY UPDATE: SQL injection via untrusted JSON input
    - debian/patches/CVE-2024-36039.patch: forbid dict parameter in
      pymysql/converters.py, pymysql/tests/test_connection.py.
    - CVE-2024-36039
  * Fix FTBFS caused by MySQL deprecation warnings (LP: #1891484)
    - debian/patches/disable_warnings.patch: disable auto show warnings in
      some tests as newer MySQL versions have some deprecation warnings
      that break test results.

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Tue, 28 May 2024
13:36:35 -0400

** Changed in: python-pymysql (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-36039

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-pymysql in Ubuntu.
https://bugs.launchpad.net/bugs/1891484

Title:
  python-pymysql ftbfs in focal

Status in python-pymysql package in Ubuntu:
  Fix Released

Bug description:
  seen in a focal test rebuild:
  https://launchpad.net/ubuntu/+archive/test-rebuild-20200810-focal/+build/19799887

  
  ======================================================================
  ERROR: test_issue_288 (pymysql.tests.test_basic.TestBulkInserts)
  executemany should work with "insert ... on update"
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/<<PKGBUILDDIR>>/pymysql/tests/test_basic.py", line 360, in test_issue_288
      cursor.executemany("""insert
    File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 195, in executemany
      return self._do_execute_many(q_prefix, q_values, q_postfix, args,
    File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 234, in _do_execute_many
      rows += self.execute(sql + postfix)
    File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 170, in execute
      result = self._query(query)
    File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 329, in _query
      self._do_get_result()
    File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 353, in _do_get_result
      self._show_warnings()
    File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 369, in _show_warnings
      warnings.warn(err.Warning(*w[1:3]), stacklevel=4)
  pymysql.err.Warning: (1287, "'VALUES function' is deprecated and will be removed in a future release. Please use an alias (INSERT INTO ... VALUES (...) AS alias) and replace VALUES(col) in the ON DUPLICATE KEY UPDATE clause with alias.col instead")

  ----------------------------------------------------------------------
  Ran 172 tests in 5.296s

  FAILED (errors=1, skipped=17, expected failures=1)
  No garbages!
  E: pybuild pybuild:341: test: plugin custom failed with: exit code=1: debian/run_tests.sh python3.8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-pymysql/+bug/1891484/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list