-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 May 2024 08:56:57 +0200
Source: python-pymysql
Architecture: source
Version: 0.9.3-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1071628
Changes:
 python-pymysql (0.9.3-2+deb11u1) bullseye-security; urgency=medium
 .
   * CVE-2024-36039: PyMySQL through 1.1.0 allows SQL injection if used with
     untrusted JSON input because keys are not escaped by escape_dict. Applied
     upstream patch: forbid_dict_parameter.patch (Closes: #1071628).
Checksums-Sha1:
 357ba0df0ea70e74d0756d7a7138876b80f7f5d4 2324 python-pymysql_0.9.3-2+deb11u1.dsc
 26207ac507e7b9593816d9b060e52d7a9a9d2eec 86715 python-pymysql_0.9.3.orig.tar.gz
 39eca8afcd43dc3670c08dfe9073298933be4c30 6648 python-pymysql_0.9.3-2+deb11u1.debian.tar.xz
 3954f2d613ca33a11791dd0964be91318e845357 9750 python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
 9daa9535965b2ea9dff2034a2feb571d657ec2eaa60bb68a289c479d1cadd569 2324 python-pymysql_0.9.3-2+deb11u1.dsc
 5a85599a69b51db185f9447ba5034501482496e481574bce972c7dcb5abe1d57 86715 python-pymysql_0.9.3.orig.tar.gz
 ca3565d650c580e509598b5e7dfb550c16c863e3c739d33b52757e6bf8bc483c 6648 python-pymysql_0.9.3-2+deb11u1.debian.tar.xz
 07195d35181d6fb4356782121c345e9b9156e1861777cfc17a68f9f9a64dffbc 9750 python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo
Files:
 1b4617b1718a045ffcd17122130c6b67 2324 python optional python-pymysql_0.9.3-2+deb11u1.dsc
 7afad735628571b6fffd74086ce451b7 86715 python optional python-pymysql_0.9.3.orig.tar.gz
 65545c35069130e979b35320e91c9182 6648 python optional python-pymysql_0.9.3-2+deb11u1.debian.tar.xz
 e9763923b6b442a29b8de2ab7e6c7b04 9750 python optional python-pymysql_0.9.3-2+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmZWzvMACgkQ1BatFaxr
Q/4LdRAAkRb25uh0rg3P+SHY66zh1UtAI0FzFBW1K39JO44Usu/39rch8KWONR3z
izrPSDia2dgbrcs6EVlJO4kp/9RY1Ri0GDrx+Aeuu8GJDgFDEYTx0qwOmGBJMpXU
oQ8awoAHlKpm4maLNx9MonFDNIuZRvVS2iDAuDohxXrN+WPbGd8izRdTahmvFOIA
0sfa4uLwwrspV+xxte+3edr8nGRCu3UlC3m5mW+s0pRvltqZ7pAKBocqCNEua3hm
jRELrRgfINjzgdol24Dc78J9AE3xEBKrW0g5jW3HeHdV5yFpiGaegWQq2r+s2lx7
YayUk09WoFP63/hSmhlhSuVo3hlTy4qZO0SzKqPjNlKanCsL2l9lPwbjh8O+iLex
2tQzmUYwm5OiZ0nUJ4CpYSUYSjvZdKo6oTCvPx0Y8fSP60xmYWH2nL3w8RN271st
zEfPhHs8RIEpidDSHu1jWYfzVT0iaey71HxPJdFvZWZ3Xr/sYxYUVfCmWfkylVkE
UP3jd8pmJEaQeFiF+5u8aaRSFtJ6Hr1ElTx4WC/lOiXHOJGMXvqM3YrCb7+/DegL
ALIRPOpf+uE+//fUS6c1xXqJhA5vMc3p9c6SncCQHxCB8CDF3RTaG100Aybtpe9L
e6n4gjb4CechQIgQs39I5z9gjd3KXR1BnmHEpD1RccvkrQZVBR0=
=w+cC
-----END PGP SIGNATURE-----