-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Dec 2024 01:08:15 +0100 Source: setuptools Architecture: source Version: 66.1.1-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Matthias Klose Changed-By: Daniel Leidert Changes: setuptools (66.1.1-1+deb12u1) bookworm; urgency=medium . * Non-maintainer upload by the Debian LTS team. * debian/patches/CVE-2024-6345.patch: Fix CVE-2024-6345. - Replace the unsafe use of os.system to fix a possible remote code execution by supplying malicious URLs in a package index or via the command line. Checksums-Sha1: 5574187d7ab2f2235e149280bf2e53d08a309042 2220 setuptools_66.1.1-1+deb12u1.dsc 4cf756cca66ab9766ce3be10ff13e43ea2eea51c 2644145 setuptools_66.1.1.orig.tar.gz 5783b7e13af2202b89a61dd0ef4de7018849b0d1 16848 setuptools_66.1.1-1+deb12u1.debian.tar.xz 3bf8d3768f3aba8b4fc6876ea1be785f76ad452c 8916 setuptools_66.1.1-1+deb12u1_amd64.buildinfo Checksums-Sha256: b7d68bde65ba30ba5f9cfc79eef40b4b61bc9bcc662af504312e99210e4c527c 2220 setuptools_66.1.1-1+deb12u1.dsc ac4008d396bc9cd983ea483cb7139c0240a07bbc74ffb6232fceffedc6cf03a8 2644145 setuptools_66.1.1.orig.tar.gz 8abbf1a1dbb0a38e6d9c0ae8c701d6b6f36aeb475fcb4112cb03ce1c1114fd80 16848 setuptools_66.1.1-1+deb12u1.debian.tar.xz f3fc50268347e0304b3af95663aabcfef40fe3df7084382dd5fc2675a7461c9e 8916 setuptools_66.1.1-1+deb12u1_amd64.buildinfo Files: 4230ec2e5e997ef7e6ba0cf894a696eb 2220 python optional setuptools_66.1.1-1+deb12u1.dsc 9f21ce5e5f6c6e2ccd3a8c6b63b2dcf2 2644145 python optional setuptools_66.1.1.orig.tar.gz 6d82ef90662b69ccab5e6bbd8f03926a 16848 python optional setuptools_66.1.1-1+deb12u1.debian.tar.xz f4f20589b39434ed505f03c17ace47fc 8916 python optional setuptools_66.1.1-1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmd3HIgACgkQS80FZ8KW 0F34aw/9GEK1+G1isj1deCE7jmMXKIZ2FTgTyytDBTL7zTbuAhxf9m0kG688ddSu W9/vh/QYi4zlmbTxu0zdw2ZEXzf4acq5v+ru7npN7//WqegLNcUwq2iEsTjVNEjo tlpnf2iAHAynjcX700kjswdPPz+rxXsRksPHKdJt/Zzdll5swOQB0REW3Zp5BfdG ptCn7we74mHmFvBYY2h5/e0Ia2mIw0wOGeqIxwIAFuP8WBRzZguM5avUnb5NOn9R 8mJzVDStoGzkP1+YNLbrwhbLsOr1inDBX7B0x9LoSkfy7OjOKAtDNlBbIl1co9EB nlji8MFZrl74eYJtIMR/jqCYeoqUNQckXUm+FGhT9ubre5ezoBJMK4IVDpLk2DD6 tYz2zT25PdKJVgtlk6uOj3R8pUdoZ6WhSRmrsGg7XHrcFY46EW7Ys0aic4fQS4nl EuNs/p7uaA9jdj3XJHZm/37pOEArBaX4VMDwgX6xA6OwgAs4Ajz1j723EfKZNQZV YUUOdpGKVW59XFrjfYdN1hKbNAZxLy13PimfApFbnsOm24sLnWU4M+JH5Xu01q5u 5kujWgOp77gRCA7/ISj3up/QxlhVVpZQBx3T/9vTYibrKprcqI7tkfKeebnvJchK 9Nd7AvCriUcQsYqShJUgodEOd5ITIHpN+eiABkARZF+w1OLuleo= =J8Lu -----END PGP SIGNATURE-----