[ Reason ]
Fix CVE-2023-40587, a path traversal vulnerability affecting Pyramid
when running on Python 3.11.
[ Impact ]
The issue is limited in scope and only affects deployments using
filesystem-backed static views on vulnerable Python versions.
[ Tests ]
The package builds successfully and the upstream test suite passes.
[ Risks ]
Low. The update consists of the upstream fix for rejecting paths
containing NUL bytes during static path handling.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Add upstream patch to fix CVE-2023-40587
[ Other info ]
The upload will be sponsored by Colin Watson.
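
Added example, not part of the original request and not Pyramid's or Debian's code: a minimal sketch of static path handling that rejects NUL bytes in path elements, the kind of check the Risks section describes. The names resolve_static and is_safe_element, and the constructed directory layout, are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Characters that must never appear inside a single path element.
# NUL is listed explicitly: it is not a separator, so a check that only
# looks for "/" or os.sep lets it through to the filesystem calls.
INVALID_ELEMENT_CHARS = {"/", os.sep, "\x00"}
DOT_ELEMENTS = {"", ".", ".."}


def is_safe_element(element: str) -> bool:
    """Return True if one URL path element is acceptable as a file name."""
    if element in DOT_ELEMENTS:
        return False
    return not any(ch in element for ch in INVALID_ELEMENT_CHARS)


def resolve_static(root: Path, url_subpath: str):
    """Map a URL subpath (no leading slash) to a file under root.

    Returns the resolved Path, or None when the request should be a 404.
    """
    elements = url_subpath.split("/")
    if not all(is_safe_element(e) for e in elements):
        return None
    root = root.resolve()
    candidate = root.joinpath(*elements).resolve()
    # Defence in depth: a symlink inside root must not lead outside it.
    if not candidate.is_relative_to(root):
        return None
    return candidate if candidate.is_file() else None


def demo():
    """Run constructed requests against a constructed static root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "static"
        (root / "css").mkdir(parents=True)
        (root / "css" / "site.css").write_text("body{}")
        (Path(tmp) / "secret.txt").write_text("outside the static root")
        requests = ["css/site.css", "../secret.txt", "\x00",
                    "css/\x00/site.css", "css//site.css", "css/missing.css"]
        return {r: resolve_static(root, r) is not None for r in requests}


if __name__ == "__main__":
    for request, served in demo().items():
        print(repr(request), "->", "served" if served else "rejected")
```
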