Hello, Python maintainers.

Debian "py7zr" package has security issue CVE-2022-44900,
and this issue affects Debian "calibre" package because "calibre" depends
this "py7zr" module.
https://tracker.debian.org/pkg/py7zr

Please examine Debian bug report 1032091, and fix this issue.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032091

Debian release system will auto-remove these packages from testing distribution on Wed 12 Apr 2023.

Thanks,
--
YOKOTA Hiroshi

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Debian "py7zr" package has security issue CVE-2022-44900,
and this issue affects Debian "calibre" package because "calibre" depends this "py7zr" module.
https://tracker.debian.org/pkg/py7zr

Please examine Debian bug report 1032091, and fix this issue.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032091

Debian release system will auto-remove these packages from testing distribution
on Wed 12 Apr 2023.

feel free to provide a patch to fix it. upgrading to newer upstream
releases is prohibitive given the increasing amount of
additional/frivolous dependencies upstream decided to rely on.

--
Sandro "morph" Tosi
My website: http://sandrotosi.me/
Me at Debian: http://wiki.debian.org/SandroTosi
Twitter: https://twitter.com/sandrotosi

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello, Sandro.

feel free to provide a patch to fix it. upgrading to newer upstream
releases is prohibitive given the increasing amount of
additional/frivolous dependencies upstream decided to rely on.

Thanks for your quick response.
I was pushed merge request to Debian salsa repository about this issue.

https://salsa.debian.org/python-team/packages/py7zr/-/merge_requests/2

--
YOKOTA

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)