Your message dated Wed, 28 May 2025 19:21:19 +0300 with message-id <aDc3/zB7R33dY5C4@localhost> and subject line Fixed in 1:0.62-6 has caused the Debian Bug report #1103780, regarding webpy: CVE-2025-3818 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1103780: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103780 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: webpy Version: 1:0.62-5 Severity: important Tags: security upstream Forwarded: https://github.com/webpy/webpy/issues/806 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for webpy. CVE-2025-3818[0]: | A vulnerability, which was classified as critical, was found in | webpy web.py 0.70. Affected is the function | PostgresDB._process_insert_query of the file web/db.py. The | manipulation of the argument seqname leads to sql injection. It is | possible to launch the attack remotely. The exploit has been | disclosed to the public and may be used. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-3818 https://www.cve.org/CVERecord?id=CVE-2025-3818 [1] https://github.com/webpy/webpy/issues/806 [2] https://noppgwz8if.feishu.cn/docx/TxjpddUpTokyBwxibSgcTRr7nUf Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Version: 1:0.62-6 webpy (1:0.62-6) unstable; urgency=medium ... * d/patches/CVE-2025-3818.patch: Add patch from usptream to fix CVE-2025-3818. ... -- Emmanuel Arias <eam...@debian.org> Fri, 09 May 2025 20:55:15 -0300
--- End Message ---
