Your message dated Sat, 31 May 2025 21:32:31 +0000
with message-id <e1ultod-000z1d...@fasolo.debian.org>
and subject line Bug#1103780: fixed in webpy 1:0.62-4+deb12u1
has caused the Debian Bug report #1103780,
regarding webpy: CVE-2025-3818
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1103780: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103780
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: webpy
Version: 1:0.62-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/webpy/webpy/issues/806
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for webpy.
CVE-2025-3818[0]:
| A vulnerability, which was classified as critical, was found in
| webpy web.py 0.70. Affected is the function
| PostgresDB._process_insert_query of the file web/db.py. The
| manipulation of the argument seqname leads to sql injection. It is
| possible to launch the attack remotely. The exploit has been
| disclosed to the public and may be used.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-3818
https://www.cve.org/CVERecord?id=CVE-2025-3818
[1] https://github.com/webpy/webpy/issues/806
[2] https://noppgwz8if.feishu.cn/docx/TxjpddUpTokyBwxibSgcTRr7nUf
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: webpy
Source-Version: 1:0.62-4+deb12u1
Done: Adrian Bunk <b...@debian.org>
We believe that the bug you reported is fixed in the latest version of
webpy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated webpy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 28 May 2025 20:54:20 +0300
Source: webpy
Architecture: source
Version: 1:0.62-4+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1103780
Changes:
webpy (1:0.62-4+deb12u1) bookworm; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-3818: PostgreSQL SQL Injection (Closes: #1103780)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---