python-pymysql ftbfs in focal

Bug #1891484 reported by Matthias Klose
Affects: python-pymysql (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

seen in a focal test rebuild:
https://launchpad.net/ubuntu/+archive/test-rebuild-20200810-focal/+build/19799887

======================================================================
ERROR: test_issue_288 (pymysql.tests.test_basic.TestBulkInserts)
executemany should work with "insert ... on update"
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/<<PKGBUILDDIR>>/pymysql/tests/test_basic.py", line 360, in test_issue_288
    cursor.executemany("""insert
  File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 195, in executemany
    return self._do_execute_many(q_prefix, q_values, q_postfix, args,
  File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 234, in _do_execute_many
    rows += self.execute(sql + postfix)
  File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 170, in execute
    result = self._query(query)
  File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 329, in _query
    self._do_get_result()
  File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 353, in _do_get_result
    self._show_warnings()
  File "/<<PKGBUILDDIR>>/pymysql/cursors.py", line 369, in _show_warnings
    warnings.warn(err.Warning(*w[1:3]), stacklevel=4)
pymysql.err.Warning: (1287, "'VALUES function' is deprecated and will be removed in a future release. Please use an alias (INSERT INTO ... VALUES (...) AS alias) and replace VALUES(col) in the ON DUPLICATE KEY UPDATE clause with alias.col instead")

----------------------------------------------------------------------
Ran 172 tests in 5.296s

FAILED (errors=1, skipped=17, expected failures=1)
No garbages!
E: pybuild pybuild:341: test: plugin custom failed with: exit code=1: debian/run_tests.sh python3.8

Matthias Klose (doko)
Changed in python-pymysql (Ubuntu):
status: New → Confirmed
importance: Undecided → High
tags: added: ftbfs rls-ff-incoming
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-pymysql - 0.9.3-2ubuntu3.1

---------------
python-pymysql (0.9.3-2ubuntu3.1) focal-security; urgency=medium

  * SECURITY UPDATE: SQL injection via untrusted JSON input
    - debian/patches/CVE-2024-36039.patch: forbid dict parameter in
      pymysql/converters.py, pymysql/tests/test_connection.py.
    - CVE-2024-36039
  * Fix FTBFS caused by MySQL deprecation warnings (LP: #1891484)
    - debian/patches/disable_warnings.patch: disable auto show warnings in
      some tests as newer MySQL versions have some deprecation warnings
      that break test results.

 -- Marc Deslauriers <email address hidden> Tue, 28 May 2024 13:36:35 -0400

Changed in python-pymysql (Ubuntu):
status: Confirmed → Fix Released
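
An application-side guard in the spirit of the CVE-2024-36039 change named in the changelog above ("forbid dict parameter"), as an added example that is not the Ubuntu patch or PyMySQL's own code: it refuses JSON-decoded values that are not scalars before they are used as query parameters. The function names, field names and sample request bodies are assumptions made for illustration.

```python
import json

# Types this example accepts as a single bound SQL value.
# Assumption: lists are refused too, which is stricter than the
# "forbid dict parameter" wording in the changelog.
SCALAR_TYPES = (str, int, float, bool, type(None))


def scalar_params(raw_json, fields):
    """Decode a JSON object and return the named fields as a parameter tuple.

    Raises TypeError when the body is not an object or a requested field
    holds a dict or list, and KeyError when a requested field is missing.
    """
    body = json.loads(raw_json)
    if not isinstance(body, dict):
        raise TypeError("request body must be a JSON object")
    params = []
    for name in fields:
        if name not in body:
            raise KeyError(name)
        value = body[name]
        if not isinstance(value, SCALAR_TYPES):
            raise TypeError(
                "field %r: %s can not be used as parameter"
                % (name, type(value).__name__)
            )
        params.append(value)
    return tuple(params)


def is_rejected(raw_json, fields):
    """Return True when the guard refuses the payload."""
    try:
        scalar_params(raw_json, fields)
    except (TypeError, KeyError, ValueError):
        return True
    return False


# Constructed sample request bodies (not taken from the bug report).
GOOD = '{"user_id": 42, "name": "alice"}'
NESTED = '{"user_id": {"unexpected": "object"}, "name": "alice"}'

if __name__ == "__main__":
    print(scalar_params(GOOD, ["user_id", "name"]))
    print(is_rejected(NESTED, ["user_id", "name"]))
```

The returned tuple is meant to be passed as the `args` of a parameterized `cursor.execute()` call, so a value of the wrong shape is refused before the driver formats it.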