Your message dated Sat, 25 Jan 2020 01:34:38 +0000 with message-id <e1ivalo-000hvd...@fasolo.debian.org> and subject line Bug#933917: fixed in knot 2.7.8-1 has caused the Debian Bug report #933917, regarding src:knot: Unsafe use of yaml.load() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 933917: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933917 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: src:knot Version: 2.7.6-2 Severity: grave Tags: security Justification: user security hole The new version of pyyaml no longer allows use of yaml.load() without a loader being specifed. This raises a deprecation warning which has caused and autopkgtest failure on this package. These are generally trivial to fix, see the upstream guidance [1]. Scott K [1] https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
--- End Message ---
--- Begin Message ---Source: knot Source-Version: 2.7.8-1 We believe that the bug you reported is fixed in the latest version of knot, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 933...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Robert Edmonds <edmo...@debian.org> (supplier of updated knot package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 24 Jan 2020 19:48:01 -0500 Source: knot Architecture: source Version: 2.7.8-1 Distribution: unstable Urgency: medium Maintainer: knot packagers <k...@packages.debian.org> Changed-By: Robert Edmonds <edmo...@debian.org> Closes: 925905 933285 933917 Changes: knot (2.7.8-1) unstable; urgency=medium . * New upstream version 2.7.8 . [ Daniel Salzman ] * Remove resolved lintian-overrides * Don't require libcap-ng-dev on kfreebsd-i386, kfreebsd-amd64, and hurd-i386 * Update copyright (Closes: #925905) * Fix typo in copyright * Don't include pdf to doc package * Fix unsafe usage of yaml.load() (Closes: #933917) . [ Diederik de Haas ] * Remove knslookup from description as it is not provided. . [ Santiago Ruano Rincón ] * Revert changes about excluding pdf files in distro/deb/rules, moving them to debian/rules (Closes: #933285) . [ Robert Edmonds ] * debian/gbp.conf: Set "upstream-branch = upstream/2.7" * debian/gbp.conf: [import-orig] Also filter config.guess, config.sub * debian/patches/0003-correct-kdig-documentation-about-no-crypto.patch: Remove, applied upstream * debian/control: Add myself to Uploaders * debian/control: Bump Standards-Version to 4.5.0 (no changes) * debian/copyright: Fix path to src/libdnssec/contrib/vpool/ files Checksums-Sha1: 18715b0ff6f766b057f9af2470bf5c17ff42400f 3096 knot_2.7.8-1.dsc 81500127e7c14b0426510be5ba94ce7d36c50273 1158284 knot_2.7.8.orig.tar.xz 3d8dd87777208ce885a6b9060ba37b1e0e4d7baf 833 knot_2.7.8.orig.tar.xz.asc 40c0ca6a3fbf4479d70665ea7caa2c8c7473d277 33012 knot_2.7.8-1.debian.tar.xz 9b4fd7dadaa262612cf2efcbc4803b94263d8ebd 12101 knot_2.7.8-1_amd64.buildinfo Checksums-Sha256: 24a426ec3669bbcfffc6b1bddfb9150a4a38f3109b2237728e8cf06ed26a0fe1 3096 knot_2.7.8-1.dsc b641730278479d04e7c1ff202989ae74e0e7c1cf203b873853a79d3d130f4c15 1158284 knot_2.7.8.orig.tar.xz 4c892204611f974c62378607fd58732f85297d6c8a9dbf02809caf72d9de7d64 833 knot_2.7.8.orig.tar.xz.asc 4c4d4cb995342972fe63f72cabcbf442f7fcc4a6e27e2b72468a7e17c9d09855 33012 knot_2.7.8-1.debian.tar.xz 09ccc4e47ea4276522ae873612d0076b3c9567d8c49f3f946e7fc5148e04d8d1 12101 knot_2.7.8-1_amd64.buildinfo Files: 44ccfd78058d64e18dc338ffb7b096ba 3096 net optional knot_2.7.8-1.dsc f4b5110e23b08d1ffb5be650a54aba02 1158284 net optional knot_2.7.8.orig.tar.xz eccf526fc3c787288d82e2b6f39c5536 833 net optional knot_2.7.8.orig.tar.xz.asc 925ab12a6cb033d1e181103baa48836c 33012 net optional knot_2.7.8-1.debian.tar.xz c7c09d5d9d6dd02bf7e6821a69f3cd46 12101 net optional knot_2.7.8-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3z2W7rOCeCDzAmZcAYF6sKr2za4FAl4rlBwACgkQAYF6sKr2 za48sw//TIq2TEoxf1O2rSB3yr+vMBbxb9lpBwwYF0S756QsusYO+CSUeC32K9y0 AqeEeuImT1ped9J80zwF6lATbF+Ok87hVCPH5jTvXOxdUFfBH/g+OaWui0MGX8TL qqDlYhR+ZmZiHzFJD3ckm+8NzZ6DEH8SLsbuDPLnoEjJeSVP6yR9ZXI26Rc0rAou e3yZNSbiaA36vMTYbPTgJdrl9yPlkpASNgv7i3YG5MaLFCe0f5aSdxPrlZ716cbi PfZNgcqLNHrtsnzWSJPZNPbVZt0M1ydg4WWlF5/5n/PIsXG7yxmhzTfgneV18qq4 LMgktEyOnA2T938hcwPFo8OzR1TY4AEs6v036CvxFvNPzMQp/aRjvMJHPizC1uUF x78XN5UKZ99sPAMDMoVo8fmP0SnjVZ5k3Ek5fqo1b2zM1kKf0RxbO4EiaozVs03D oNJnJnkjPwLPldnI4ltTOcV2uuFp5Z9VwuI+10Y3KcCbJ1HIzhWMYkI9+pkxfAuO 54Na4Ws1wY+CHjqwPYzH0g6E6AHW2wYT2RrlQ2vB0sChwhtJ9ImwhkBs+XcPaq7x SPmopLX1rz9xHac9jNig3EPddMhdcJD7GuH4BJ1efks6rwV0ckw9iOblUkIenjbi U9qVoPifrKiho/vfG05owamrBZHScRUX+fcBBmFPxBXglco2qsc= =eN8j -----END PGP SIGNATURE-----
--- End Message ---
