Debian Patches
Status for python-parsl/2025.01.13+ds-1+deb13u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| shebang.patch | fix missing shebang to script flagged for installation. | Étienne Mollier <emollier@debian.org> | yes | 2024-01-14 | ||
| privacy-breaches.patch | fix privacy breaches in html template file. | Étienne Mollier <emollier@debian.org> | not-needed | 2024-01-14 | ||
| offline-documentation.patch | remove steps requirering Internet for the documentation. | Étienne Mollier <emollier@debian.org> | not-needed | 2024-01-14 | ||
| sphinx-autodoc-preserve-argdefaults.patch | improve Sphinx documentation reproducibility by preserving argument defaults The TaskVineManagerConfig dataclass includes an 'address' attribute that is set to the value of socket.gethostname() when the class is loaded. . Meanwhile, the TaskVineExecutor.__init__ method 'manager_config' argument has a default value of a no-args constructed TaskVineManagerConfig instance. . When Sphinx builds documentation, by default it will emit a Python repr() of the manager_config argument, causing the hostname of the build host to be included. . We can solve that by instructing the Sphinx autodoc extension to retain the textual representation of argument lists as they are found in the source code, instead of evaluated and repr'd equivalents. |
James Addison <jay@jp-hosting.net> | yes | debian | ||
| CVE-2026-21892.patch | Switch two visualization views to safer SQL parameter style (#4049) Prior to this PR, these two SQL statements were formed by direct string substitution, which allowed arbitrary text injection into the SQL string. . I think in the default configuration this isn't a security vulnerability, because whatever is injected at these points is limited in what it can do: the database is already public because thats what parsl-visualize does, and sqlite will not allow other commands to be executed alongside the query. . This was reported by @viralvaghela in https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58 (unpublished at time of commit) . # Changed Behaviour . In the happy path, nothing. In error paths, malformed (malicious or not) workflow identifiers will not leak into SQL. . # Fixes . https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58 . ## Type of change . - Bug fix diff --git a/parsl/monitoring/visualization/views.py b/parsl/monitoring/visualization/views.py index 8e341191..02e7b04a 100644 |
Ben Clifford <benc@hawaga.org.uk> | no | 2026-01-05 |
All known versions for source package 'python-parsl'
- 2026.01.26+ds-1 (sid, forky)
- 2025.01.13+ds-1+deb13u1 (trixie-proposed-updates, trixie-security)
- 2025.01.13+ds-1 (trixie)