-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 May 2024 08:15:32 +0200
Source: python-pymysql
Architecture: source
Version: 1.0.2-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1071628
Changes:
 python-pymysql (1.0.2-2+deb12u1) bookworm-security; urgency=medium
 .
   * CVE-2024-36039: PyMySQL through 1.1.0 allows SQL injection if used with
     untrusted JSON input because keys are not escaped by escape_dict. Applied
     upstream patch: forbid_dict_parameter.patch (Closes: #1071628).
Checksums-Sha1:
 6ec696841cea1194260258aec8240ba940819b9c 2306 python-pymysql_1.0.2-2+deb12u1.dsc
 3269e63ad14bc5ad5f1145a7b2e1b3f12da83f77 84985 python-pymysql_1.0.2.orig.tar.gz
 d29beeba5f5e6a1d155847510c8bc48bf29e94e1 7800 python-pymysql_1.0.2-2+deb12u1.debian.tar.xz
 81d3a7bf817a8d6492da52fb74a0a408de6da04e 9754 python-pymysql_1.0.2-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
 74dc5ec5575eaf7e50cf14ff665e0e59c29ff310fbe7a46d57e963dbc42ef332 2306 python-pymysql_1.0.2-2+deb12u1.dsc
 44b19ebe16baa52b74b7d835bdaaf732bb83725339dca307fe0900439adddb6d 84985 python-pymysql_1.0.2.orig.tar.gz
 a56cfb010b18744ea3324faf719912ccc39f6f6dfb071fe72a797e1f8f03e99f 7800 python-pymysql_1.0.2-2+deb12u1.debian.tar.xz
 2ac63a6638f0ee056883ae61be04684d1ded8ae9a0043516bf40d328c61fd9d5 9754 python-pymysql_1.0.2-2+deb12u1_amd64.buildinfo
Files:
 2aa5407a565a228eb3ce7f82f001ead7 2306 python optional python-pymysql_1.0.2-2+deb12u1.dsc
 53c2cf64b0a583dbd14c24d3a8ac46ca 84985 python optional python-pymysql_1.0.2.orig.tar.gz
 8e9f153e6b85d51192a3761d9863757c 7800 python optional python-pymysql_1.0.2-2+deb12u1.debian.tar.xz
 3ba027da8f3d5d394babe013ab1d1641 9754 python optional python-pymysql_1.0.2-2+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmZWz0kACgkQ1BatFaxr
Q/767Q//WUNozOnFTCLW9SnU7WqtgQnB/yBRgknK5VImy5SEn6RMdzXIVstkabU8
J1ltzrpI5xe6iTW/mlr1nQFuy7x3Z/CUhk+CLu13XNAp1oLmG5fzBRdje47uHP9l
fU/fpL4BzLjCwpsu9h3L9VYj/9QiVdxC5WMjY/8KnqvcEE6xaoU8X+fGaC6osS2D
m3xuEqecCU5PwzY1u2r3YEQaB5HadAGgKvM5Cl5DB7hP4crTpzPjXLFwkRTRIj20
zesVwDEdMVw7e3H9pVC+rwpn4QNp5MxKPgtj6yb16mFBicVk+neUACc34U546yWv
gWraGRWIlDcpPIDJMGdQBF28W7vqQlNsUF8RlyzbQaWgQ5blYGpmflEo5aehhir4
vhP9I/0Mmdnvx4lZCpH5GIYke+oZAD0rt4AiioKAu9iWzatZ6syxHJFoYqnRWn36
OBi7GeGVQzjJJmIEpsqqIcQVcnpLJApIUObosJJ6ojzi39a9y+rxw1xCqhI+hGeQ
3JO+1jzv2jdNs6tBPxhPbEkFe53hYIvNWOYlPIJ8U4soihcuJstPwKQ/sKnkRpuI
iMDwRpZDuLCnI1jqHQuHKaMVZ648AVUJAgZS4xxDzHY/a+vXnX22KPLsPLwW86c2
VOB7hoem0zkTQD6EXiSxZsbI9VXLhIJ0M3X5MIRRoSdQDu/zeng=
=zpmW
-----END PGP SIGNATURE-----