it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5426-1] owslib security update

From: Aron Xu <aron AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5426-1] owslib security update
Date: Wed, 14 Jun 2023 02:25:54 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/E1q9GCo-00BpYc-WA AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=k37hgFfN8UQ9J3QgAMBvwO5gH7VqkpwYRfMSEiIpWUA=; b=fU drFseadbDJa12NPRLu0nTkyxtodvktiy6pNqO+mcWLSiWO5mabPQbkWic0FFvJaTn61+ZHoS48lp9 gPfPmk50Y9ZyeA1yypmGWy80foMEj4mLcSWILkxhDrLEQguwedcEjgV4eO/1u4PPLN+lXJ0AHc5s2 /Zo9X63BqVTYj5AqHKMKpeLl9SYuOqKTZd0lhHnORpnpKP7WKRZT5YZ1REcT3OgCZWb9LWEWd08E/ sD4bzBkfJoC13mWod43MUx6mqw3PXhS23p9QtbIJD08mKUs1GyU4bhGDi5bDWuETH6MCOt/s61/Nq LCOAw4hU1lBje31jSPxjBhh2p3qtWw3g==;
Old-return-path: <aron AT seger.debian.org>
Priority: urgent
Resent-date: Wed, 14 Jun 2023 02:26:17 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <etBwFvmn5-N.A.xEF.JVSikB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5426-1 security AT debian.org
https://www.debian.org/security/ Aron Xu
June 14, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : owslib
CVE ID : CVE-2023-27476
Debian Bug : 1034182

An arbitrary file reads from malformed XML payload vulnerbility was
discovered in owslib, the Python client library for Open Geospatial (OGC)
web services. This issue has been addressed by always using lxml as the
XML parser with entity resolution disabled.

For the oldstable distribution (bullseye), this problem has been fixed
in version 0.23.0-1+deb11u1.

We recommend that you upgrade your owslib packages.

For the detailed security status of owslib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/owslib

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmSJH/AACgkQO1LKKgqv
2VQBugf9EQeMoKzsAYfAG6NTgqF9hu5+SMNAlv2IsHzTJZwL8nOpXXhBDq6h2kvY
wIScctrpjlJCOulvsYptnVS7hzHt/KqUSXzTap7fg4JxWkpaOylvcLvIwcbPbKSY
7KzpWk1mdvePj+ktFaFx/IGKzCD95FGZhMqBhHJc8yPWoZUG3zaL2E8X99gBOVdj
FHz6OIhjChaDTGfMr8sV7EpNR5YshFVSeTamysyIGxZe41KWg5mxbnFO8BpIZHWl
9Tuz64xhp/QO9SjCDBWbd8zOuoouvaEtXgf8MyJjvPZkTX5PMIFvIVkKP3NHBnH6
MUo1mXDUIA7PStjost53yEkU7caRWQ==
=DwF9
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5426-1] owslib security update, Aron Xu, 14.06.2023

Archiv bereitgestellt durch MHonArc 2.6.24.