Your message dated Tue, 29 Oct 2019 21:17:08 +0000
with message-id <[email protected]>
and subject line Bug#940935: fixed in python-werkzeug 0.14.1+dfsg1-4+deb10u1
has caused the Debian Bug report #940935,
regarding python-werkzeug: CVE-2019-14806
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
940935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940935
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-werkzeug
Version: 0.14.1+dfsg1-4
Severity: normal
Tags: security upstream
Hi,
The following vulnerability was published for python-werkzeug.
CVE-2019-14806[0]:
| Pallets Werkzeug before 0.15.3, when used with Docker, has
| insufficient debugger PIN randomness because Docker containers share
| the same machine id.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-14806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-werkzeug
Source-Version: 0.14.1+dfsg1-4+deb10u1
We believe that the bug you reported is fixed in the latest version of
python-werkzeug, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Nový <[email protected]> (supplier of updated python-werkzeug package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Oct 2019 17:48:51 +0200
Source: python-werkzeug
Binary: python-werkzeug python-werkzeug-doc python3-werkzeug
Architecture: source all
Version: 0.14.1+dfsg1-4+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Python Modules Packaging Team
<[email protected]>
Changed-By: Ondřej Nový <[email protected]>
Description:
python-werkzeug - collection of utilities for WSGI applications (Python 2.x)
python-werkzeug-doc - documentation for the werkzeug Python library (docs)
python3-werkzeug - collection of utilities for WSGI applications (Python 3.x)
Closes: 940935
Changes:
python-werkzeug (0.14.1+dfsg1-4+deb10u1) buster; urgency=medium
.
* Unique debugger PIN in Docker containers
(Closes: #940935, CVE-2019-14806)
Checksums-Sha1:
ddaee9a9bd2b472fe5b919d6d366f19398be767e 2609
python-werkzeug_0.14.1+dfsg1-4+deb10u1.dsc
11afb67a744dcca609b25881e50b961922dc4db1 8824
python-werkzeug_0.14.1+dfsg1-4+deb10u1.debian.tar.xz
7dff20bdc0430c2e23fabbd4d222eadc987c4d95 911456
python-werkzeug-doc_0.14.1+dfsg1-4+deb10u1_all.deb
56d11cc488a7cfa2b25853ae8162f0dd0ba9d579 195800
python-werkzeug_0.14.1+dfsg1-4+deb10u1_all.deb
b18e93b95120504d262f5441c37f35fdde9ce280 9573
python-werkzeug_0.14.1+dfsg1-4+deb10u1_amd64.buildinfo
9505f50ee52c5d8f53ef2a9a570c02fcd3a494a1 195844
python3-werkzeug_0.14.1+dfsg1-4+deb10u1_all.deb
Checksums-Sha256:
27d29fb178e897d6fea0dc61cd5b96456fdd942c85de05d0c22360f3828a5134 2609
python-werkzeug_0.14.1+dfsg1-4+deb10u1.dsc
08d97bd48f399e195d8df91575e243225efea0fa5ca5435e911f560c8732bb4d 8824
python-werkzeug_0.14.1+dfsg1-4+deb10u1.debian.tar.xz
7b98ac0b5c45009dd568777ddffe367eccca21ac21554a18833e42596953d7d8 911456
python-werkzeug-doc_0.14.1+dfsg1-4+deb10u1_all.deb
c0733c17651f04936749c65061482cbc93fd99d230ce8a6f56332089a2dc0876 195800
python-werkzeug_0.14.1+dfsg1-4+deb10u1_all.deb
9cd5eeb1884bf0fbb333d04e1b058429ad22a496e68c96d8cc4d8100c1762680 9573
python-werkzeug_0.14.1+dfsg1-4+deb10u1_amd64.buildinfo
f256ff2da75166a77393c656c14636725c2504498258e92122b75cfc425ea0f8 195844
python3-werkzeug_0.14.1+dfsg1-4+deb10u1_all.deb
Files:
5627c64a7559d3bb817e58207e4c10fd 2609 python optional
python-werkzeug_0.14.1+dfsg1-4+deb10u1.dsc
eaba991bddcc5b5bb451fcb00eb08028 8824 python optional
python-werkzeug_0.14.1+dfsg1-4+deb10u1.debian.tar.xz
d9d9bcf6621ddeae987d6dc592a9107d 911456 doc optional
python-werkzeug-doc_0.14.1+dfsg1-4+deb10u1_all.deb
37698201c047e9489f24c15408bcb89c 195800 python optional
python-werkzeug_0.14.1+dfsg1-4+deb10u1_all.deb
9c7810f279864951b0cf8b2928a2d9f9 9573 python optional
python-werkzeug_0.14.1+dfsg1-4+deb10u1_amd64.buildinfo
604a5223ac58cd039c3a519cacc34b88 195844 python optional
python3-werkzeug_0.14.1+dfsg1-4+deb10u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEPZg8UuuFmAxGpWCQNXMSVZ0eBksFAl2weHoACgkQNXMSVZ0e
BkupcA//bOSmrjI21DHnOU448zsZJxW5jy6FS4NEJd3m8Ne1tUYwzCli7hWEgHOh
V5FI9moMNedZzo7R/PUzK0HK2ggEDb4R9OpqU7UBAtZ5KfQgmXsMCDahVyO4xjbg
iH9lu/A4vp2AUqAEEO0BgnnOYXMqDY1eW/CyG1lefR/2X3nzMlUL/M3QazYBygGM
K8JgIfHzvZjVMZUQUscGVrhmQU/6PcGY6e8siFjgnREBv7xnZRuGfXN28vQgS1Dm
e5p7ft1c1VvcRSwsoJjBMqPCmnG82J25KdTekyc90w24LNDb8KT1etQiVFk1XiA9
3+AEHD8kOo6LRl6myMpXh2LcZ/GdVWIFnRtMP4uhpEZ8UTU6gU0na/D80iVcQpK2
ty+L/PQevIAlOBug/AKlVBGa+DDbAGsaF0CecBhQTLEXW+bKARP0Ri+tjR/YpIKG
EJj0CWbQhl/SPKcaR7NRiz2IwnV/zo0nxFtgnMYGvUJ4vpjm+kqFJOEum5WUNQep
DP5awNN0c/hOd+z4m1ASDrgNBXwE6Rp73RQqKOiLFYn0Ae5Nwl5MCQRfTKeES2EK
zoLsQWvrQnAdHILO1fT84lzVzZNxo/yHL2Ze6fzci+kiEuVlrSZLi2CwDI7PfdpY
kGUDw5rgt6gr/1XYfWOGaaRKQ2pZVXXFUVDuJST1dgmpYXJ+4RA=
=SmOS
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
