#1140575 bookworm-pu: package python-pyramid/2.0+dfsg-2+deb12u1

#1140575#5
Date: 2026-06-23 02:08:03 UTC

[ Reason ]
Fix CVE-2023-40587, a path traversal vulnerability affecting Pyramid
when running on Python 3.11.

[ Impact ]
The issue is limited in scope and only affects deployments using
filesystem-backed static views on vulnerable Python versions.

[ Tests ]
The package builds successfully and the upstream test suite passes.

[ Risks ]
Low. The update consists of the upstream fix for rejecting paths
containing NUL bytes during static path handling.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Add upstream patch to fix CVE-2023-40587

[ Other info ]
The upload will be sponsored by Colin Watson.
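
The [ Risks ] entry above describes the fix as rejecting paths containing NUL bytes during static path handling. As an added illustration (not Pyramid's code and not the patch in this upload), a static-file resolver can apply that check to the raw subpath before any `os.path` function sees it; `resolve_static`, `UnsafePath` and `verdicts` are hypothetical names, and the sample requests are constructed.

```python
import os
import tempfile


class UnsafePath(ValueError):
    """Raised when a request subpath must not be mapped to the filesystem."""


def resolve_static(root, subpath):
    """Map a URL subpath to a file under root, or raise UnsafePath."""
    # Reject NUL on the raw string, before normalisation or joining.
    if "\x00" in subpath:
        raise UnsafePath("NUL byte in path")
    elements = [e for e in subpath.split("/") if e]
    for element in elements:
        if element in (".", ".."):
            raise UnsafePath("relative path element")
        # On Windows a URL element may still carry the native separator.
        if any(sep in element for sep in (os.sep, os.altsep) if sep):
            raise UnsafePath("separator inside path element")
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, *elements))
    # Containment check also covers symlinks that point outside the root.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePath("path escapes static root")
    return candidate


def verdicts(root, subpaths):
    """Return (subpath, 'served' or the rejection reason) for each request."""
    out = []
    for subpath in subpaths:
        try:
            resolve_static(root, subpath)
            out.append((subpath, "served"))
        except UnsafePath as exc:
            out.append((subpath, str(exc)))
    return out


if __name__ == "__main__":
    # Constructed layout: one static root holding a single asset.
    root = os.path.join(tempfile.mkdtemp(), "static")
    os.mkdir(root)
    open(os.path.join(root, "app.css"), "w").close()
    samples = ["app.css", "app.css\x00.png", "../secret.txt", "css/../../x"]
    for subpath, verdict in verdicts(root, samples):
        print(repr(subpath), "->", verdict)
```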

#1140575#12
Date: 2026-06-30 05:50:28 UTC

Control: tags -1 + confirmed

Please go ahead.

Regards,

Adam