GNU bug report logs - #47319
python-lxml is vulnerable to CVE-2021-28957

Previous Next

Package: guix;

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Mon, 22 Mar 2021 14:10:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Mark H Weaver <mhw <at> netris.org>
To: Leo Famulari <leo <at> famulari.name>, 47319 <at> debbugs.gnu.org
Subject: bug#47319: python-lxml is vulnerable to CVE-2021-28957
Date: Mon, 05 Apr 2021 19:54:54 -0400

Leo Famulari <leo <at> famulari.name> writes:

> On Mon, Mar 22, 2021 at 03:09:24PM +0100, Léo Le Bouter via Bug reports for GNU Guix wrote:
>> Has lots of dependents so I suppose it needs grafting? Is that useful
>> and does it work for Python packages?
>
> Grafting Python packages is not something we've done in the past, as far
> as I can tell from reading the Git log, although I don't recall know if
> it works or not.

I see no reason why grafting a python package wouldn't work, although
admittedly my knowledge of Python is weak.

      Mark

This bug report was last modified 3 years and 67 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47319 python-lxml is vulnerable to CVE-2021-28957

GNU bug report logs - #47319
python-lxml is vulnerable to CVE-2021-28957