Fay Stegerman wrote:
> Actually, whilst the cause is also cpython#110016, this is [1], not #1068705.
> This one is not a regression (which presumably means (1) and (2) do not apply)
> as it only affects our MozillaZipContainer monkeypatch, which is not exactly
> supported by upstream cpython as these are not valid ZIP files. So the
> relevant
> patch to backport is [2].
>
> Semi-related, I'm wondering if the removal of marshal.load() [3] is worth
> backporting at the same time, given the security implications.
I've prepared a 240+deb12u1 package and proposed both for inclusion in
the next stable point release, the status of which can be tracked via
#1079689.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
