Bug 56760 - python-reportlab: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal
: UCS 4.4-9-errata
Assigned To: Quality Assurance
Philipp Hahn
Depends on:
Blocks:
Reported: 2023-10-23 07:51 CEST by Quality Assurance
Modified: 2023-11-09 13:32 CET (History)

See Also:
What kind of report is it?: Security Issue
Max CVSS v3 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Description Quality Assurance univentionstaff 2023-10-23 07:51:29 CEST
New Debian python-reportlab 3.3.0-2+deb9u2 fixes:
This update addresses the following issues:
3.3.0-2+deb9u2 (Wed, 11 Oct 2023 20:30:15 +0100)
* Non-maintainer upload by the ELTS Security Team.
* Add ignore-missing-hyphen.mashed.patch to fix the build.
* Backport upstream fix for CVE-2019-19450.
* Backport upstream fix for CVE-2020-28463.
Comment 1 Quality Assurance univentionstaff 2023-10-23 08:02:37 CEST
--- mirror/ftp/4.4/unmaintained/4.4-5/source/python-reportlab_3.3.0-2+deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-9/source/python-reportlab_3.3.0-2+deb9u2.dsc
@@ -1,3 +1,10 @@
+3.3.0-2+deb9u2 [Wed, 11 Oct 2023 20:30:15 +0100] Sean Whitton <spwhitton@spwhitton.name>:
+
+  * Non-maintainer upload by the ELTS Security Team.
+  * Add ignore-missing-hyphen.mashed.patch to fix the build.
+  * Backport upstream fix for CVE-2019-19450.
+  * Backport upstream fix for CVE-2020-28463.
+
 3.3.0-2+deb9u1 [Fri, 24 Apr 2020 23:58:32 +0200] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload by the Security Team.
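Review bot: the hunk shows only the new changelog stanza, so neither the backports for CVE-2019-19450 and CVE-2020-28463 nor ignore-missing-hyphen.mashed.patch are visible here; before the patch step is marked OK, confirm from the unpacked source (debian/patches/series) that all three patches are applied, and check that the build-fix patch changes nothing at runtime, since the errata text only lists the two CVEs.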

<http://piuparts.knut.univention.de/4.4-9/#2798368199129274841>
Comment 2 Philipp Hahn univentionstaff 2023-11-02 13:44:58 CET
New dependency: libart-lgpl
Comment 3 Quality Assurance univentionstaff 2023-11-02 13:46:24 CET
--- mirror/ftp/4.4/unmaintained/4.4-5/source/python-reportlab_3.3.0-2+deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-9/source/python-reportlab_3.3.0-2+deb9u2.dsc
@@ -1,3 +1,10 @@
+3.3.0-2+deb9u2 [Wed, 11 Oct 2023 20:30:15 +0100] Sean Whitton <spwhitton@spwhitton.name>:
+
+  * Non-maintainer upload by the ELTS Security Team.
+  * Add ignore-missing-hyphen.mashed.patch to fix the build.
+  * Backport upstream fix for CVE-2019-19450.
+  * Backport upstream fix for CVE-2020-28463.
+
 3.3.0-2+deb9u1 [Fri, 24 Apr 2020 23:58:32 +0200] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload by the Security Team.
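Review bot: this hunk is identical to the one in Comment 1 (same stanza, same four entries), so the re-run only produced a new piuparts result for unchanged source; the libart-lgpl dependency raised in Comment 2 is a repository-layout matter and cannot be resolved by this diff, so the piuparts outcome should be judged on that basis rather than re-triggered again.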

<http://piuparts.knut.univention.de/4.4-9/#5307977833535627520>
Comment 4 Quality Assurance univentionstaff 2023-11-02 13:46:26 CET

<http://piuparts.knut.univention.de/4.4-9/#5307977833535627520>
Comment 5 Philipp Hahn univentionstaff 2023-11-02 16:38:25 CET
"libart-lgpl" is only found in 3.0-0, 4.0-0 and 5.0-[0-5], but not 4.0-1…4.4-9: <https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/libart-lgpl/>

But the package is only in *un*maintained: it never got included in any "dists/**/Packages" as that is only used for installation, which depends only on the maintained set.
But it is used by "piuparts" as it requires a single APT source. This is okay as only maintained *source* packages are checked for errata.
A regular UCS installation never uses the "dists/**/Packages", but the "4.?/maintained/4.?-?/$arch/Packages" files.

But bin:"python-renderpm" is from src:"python-reportlab" but *un*maintained; only bin:"python-reportlab" is maintained:
 python-univention-directory-reports --dep--> python-trml2pdf --dep--> python-reportlab --rec--> python-renderpm --dep--> libart-2.0-2

No-one ever bothered to make src:"python-reportlab" itself maintained, so "libart-lgpl" remains unmaintained and piuparts fails:
- bin:"python-renderpm" is unmaintained
- bin:"python-renderpm" depends on src:"libart-lgpl", which is also unmaintained
- dists/**/Packages only contains maintained packages

$ cd apt/
$ grep-dctrl -l -s Filename --whole-pkg -S libart-lgpl ucs_4.?-0{,-{ucs,errata}4.?-?}/{,dists/*/main/binary-}amd64/Packages
ucs_4.0-0/amd64/Packages
ucs_4.0-0/dists/ucs400/main/binary-amd64/Packages
ucs_4.1-0/dists/ucs410/main/binary-amd64/Packages
ucs_4.2-0/dists/ucs420/main/binary-amd64/Packages
ucs_4.3-0/dists/ucs430/main/binary-amd64/Packages
ucs_4.4-0/dists/ucs440/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-1/dists/ucs401/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-2/dists/ucs402/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-3/dists/ucs403/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-4/dists/ucs404/main/binary-amd64/Packages
ucs_4.0-0-ucs4.0-5/dists/ucs405/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-1/dists/ucs411/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-2/dists/ucs412/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-3/dists/ucs413/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-4/dists/ucs414/main/binary-amd64/Packages
ucs_4.1-0-ucs4.1-5/dists/ucs415/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-1/dists/ucs421/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-2/dists/ucs422/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-3/dists/ucs423/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-4/dists/ucs424/main/binary-amd64/Packages
ucs_4.2-0-ucs4.2-5/dists/ucs425/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-1/dists/ucs431/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-2/dists/ucs432/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-3/dists/ucs433/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-4/dists/ucs434/main/binary-amd64/Packages
ucs_4.3-0-ucs4.3-5/dists/ucs435/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-1/dists/ucs441/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-2/dists/ucs442/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-3/dists/ucs443/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-4/dists/ucs444/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-5/dists/ucs445/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-6/dists/ucs446/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-7/dists/ucs447/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-8/dists/ucs448/main/binary-amd64/Packages
ucs_4.4-0-ucs4.4-9/dists/ucs449/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-9/amd64/Packages
ucs_4.0-0-errata4.0-0/dists/ucs400/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-1/dists/ucs401/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-2/dists/ucs402/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-3/dists/ucs403/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-4/dists/ucs404/main/binary-amd64/Packages
ucs_4.0-0-errata4.0-5/dists/ucs405/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-0/dists/ucs410/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-1/dists/ucs411/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-2/dists/ucs412/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-3/dists/ucs413/main/binary-amd64/Packages
ucs_4.1-0-errata4.1-4/dists/ucs414/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-0/dists/ucs420/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-1/dists/ucs421/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-2/dists/ucs422/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-3/dists/ucs423/main/binary-amd64/Packages
ucs_4.2-0-errata4.2-5/dists/ucs425/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-0/dists/ucs430/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-1/dists/ucs431/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-2/dists/ucs432/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-3/dists/ucs433/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-4/dists/ucs434/main/binary-amd64/Packages
ucs_4.3-0-errata4.3-5/dists/ucs435/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-0/dists/ucs440/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-1/dists/ucs441/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-2/dists/ucs442/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-3/dists/ucs443/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-4/dists/ucs444/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-5/dists/ucs445/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-6/dists/ucs446/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-7/dists/ucs447/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-8/dists/ucs448/main/binary-amd64/Packages
ucs_4.4-0-errata4.4-9/dists/ucs449/main/binary-amd64/Packages

$ cd mirror/ftp/
$ grep-dctrl -l -s Filename --whole-pkg -S libart-lgpl 4.?/{,un}maintained/4.?-?/amd64/Packages
4.0/unmaintained/4.0-0/amd64/Packages
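To reproduce Comment 5's maintained/unmaintained analysis offline, here is an added example (not part of this bug or of any UCS tooling) that parses Packages stanzas and walks the Depends/Recommends chain from python-univention-directory-reports, reporting each binary that exists only in the unmaintained index together with its source package. The two indexes are constructed samples standing in for the Packages files the comment greps; the chain itself is the one given in the comment.

```python
from collections import deque

# Constructed sample indexes (not real repository data) covering the chain from Comment 5.
MAINTAINED = """\
Package: python-univention-directory-reports
Depends: python-trml2pdf

Package: python-trml2pdf
Depends: python-reportlab (>= 3.0)

Package: python-reportlab
Source: python-reportlab (3.3.0-2+deb9u2)
Recommends: python-renderpm
"""
UNMAINTAINED = """\
Package: python-renderpm
Source: python-reportlab (3.3.0-2+deb9u2)
Depends: libart-2.0-2, python (>= 2.7)

Package: libart-2.0-2
Source: libart-lgpl
"""


def parse_packages(text):
    """Parse Packages stanzas into {binary: fields}; 'Source' is normalised to a bare name."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        # "Source:" may carry "(version)" and defaults to the binary package name.
        fields["Source"] = fields.get("Source", fields["Package"]).split(" (")[0]
        pkgs[fields["Package"]] = fields
    return pkgs


def unmaintained_chain(root, maintained, unmaintained):
    """Follow Depends/Recommends from root; map binaries found only in 'unmaintained' to their source."""
    found, seen, queue = {}, set(), deque([root])
    while queue:
        name = queue.popleft()
        fields = maintained.get(name) or unmaintained.get(name)
        if name in seen or fields is None:  # unknown names (e.g. "python") are skipped
            continue
        seen.add(name)
        if name not in maintained:
            found[name] = fields["Source"]
        # First alternative only, version constraint dropped: "a (>= 1) | b" -> "a".
        queue.extend(item.strip().split("|")[0].split()[0]
                     for rel in ("Depends", "Recommends")
                     for item in fields.get(rel, "").split(",") if item.strip())
    return found
```

Run against the real indexes, the maintained argument would be the parsed "4.4/maintained/4.4-9/amd64/Packages" and the unmaintained one its "unmaintained" counterpart; a non-empty result lists exactly the binaries that make piuparts fail.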
Comment 6 Philipp Hahn univentionstaff 2023-11-02 16:40:51 CET
OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
  bin:"python-renderpm" is unmaintained and requires the unmaintained src:"libart-lgpl"

[4.4-9] da20005a3b Bug #56760: python-reportlab 3.3.0-2+deb9u2
 doc/errata/staging/python-reportlab.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-9] c1a6dccb2c Bug #56760: python-reportlab 3.3.0-2+deb9u2
 doc/errata/staging/python-reportlab.yaml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

[4.4-9] 2a79663fc9 Bug #56760: python-reportlab 3.3.0-2+deb9u2
 doc/errata/staging/python-reportlab.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)