Control: notfound -1 2.7.15-6 Control: notfound -1 2.7.15-5 Control: fixed -1 2.7.15-5
Hi, On Fri, Feb 01, 2019 at 10:40:26AM +0100, Salvatore Bonaccorso wrote: > Control: reopen -1 > Control: found -1 2.7.15-6 > Hi > > On Fri, Feb 01, 2019 at 08:51:07AM +0000, Debian Bug Tracking System wrote: > > - CVE-2018-14647: _elementtree.c doesn't call XML_SetHashSalt(). > > Closes: #921039. > > The change > https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2 > though does not seem to be applied looking at the debdiff from > 2.7.15-5 to 2.7.15-6. > > Can you please recheck, and if I'm wrong please hilight me what am I > missing? To answer my question: the fix is actually already included in the git-updates.diff patch as uploaded in the -5 revision. Thus the diff was not spotted in the debdiff between -5 and -6 causing the confusion. Regards, Salvatore