Debian Joblib vulnerabilities
2 known vulnerabilities affecting debian/joblib.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, LOW 1
Vulnerabilities
CVE-2024-34997, LOW, CVSS 7.5, 2024
CVE-2024-34997 [HIGH] CVE-2024-34997: joblib - joblib v1.4.2 was discovered to contain a deserialization vulnerability via the ...
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2022-21797, HIGH, CVSS 7.3, fixed in joblib 1.2.0-1 (bookworm), 2022
CVE-2022-21797 [HIGH] CVE-2022-21797: joblib - The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Exec...
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.
Scope: local
bookworm: resolved (fixed in 1.2.0-1)
bullseye: resolved (fixed in 0.17.0-4+deb11u1)
forky: resolved (fixed in 1.2.0-1)
sid: resolved (fixed in 1.2.0-1)
trixie: resolved (fixed in 1.2.0-1)
debian