Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 888271 - [TRACKER] dev-python/future removal tracker
Summary: [TRACKER] dev-python/future removal tracker
Status: CONFIRMED
Alias: None
Product: Quality Assurance
Classification: Unclassified
Component: Trackers (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Python Gentoo Team
URL:
Whiteboard:
Keywords:
Depends on: 888287 888273 888275 888277 888279 888281 888283 888285 888289 888291 888293 888295 888297 888299 888301 888303 888305
Blocks:
  Show dependency tree
 
Reported: 2022-12-25 09:30 UTC by Michał Górny
Modified: 2023-04-30 14:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-12-25 09:30:12 UTC
# Unmaintained with last release in 2019.  We already patched it to work
# with Python 3.9+.  The upstream code is also vulnerable
# to CVE-2022-40899.  Above all, this library is completely redundant
# to packages not supporting Python 2 anymore.
Comment 1 BobbyK 2023-04-30 14:26:04 UTC
Does 0.18.3 released on Jan 12 2023 (at least that's what it says on https://pypi.org/project/future/) have the same limitations and vulnerabilities?
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-04-30 14:40:47 UTC
(In reply to BobbyK from comment #1)
> Does 0.18.3 released on Jan 12 2023 (at least that's what it says on
> https://pypi.org/project/future/) have the same limitations and
> vulnerabilities?

IIRC they've fixed *something* but definitely not all the things we were already patching.