it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5791-1] python-reportlab security update
- Date: Sun, 13 Oct 2024 18:22:52 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/ZwwP/PW5xCeh7Hbu AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=mZSSGtzQOlkO13s4u1i+Oh1/QA0fYjZemGlo6gurnZ4=; b=aW J88YvNAMnAqZyRNYd+jGdhWcKlXyBY1nr4W+l+d4Hew5bfA8nQES1ACwodInqb8O6CXMMQaRyhxus XU9tMGV8uJyI8vrIlYodc4R/zQPKopERsprc1nkpgxeYTu/WEcixPwBa6iHWQTNYEWf1Y9kFb+ntQ GE3PhNSIwc2qp9q3HTkwQl8dvM5C73NfKf2rmA47/8B+A/I0JkV4i57IbJSx49khre99mrxk5KNYl 3777VOiPZaIwPCCOOPnmWPO68XUIbI9B618MUAlrsh9NowJeIh5s7s+/qSaHujD8InOR++0hk/4u2 4q+2oQYG7IqRzLDqr1YJVRXdNevsqfQw==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Sun, 13 Oct 2024 18:23:12 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <6krHlYlnPz.A.APcL.QABDnB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5791-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 13, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : python-reportlab
CVE ID : CVE-2023-33733
Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python
library to create PDF documents, could be bypassed which may result in
the execution of arbitrary code when converting malformed HTML to a PDF
document.
For the stable distribution (bookworm), this problem has been fixed in
version 3.6.12-1+deb12u1.
We recommend that you upgrade your python-reportlab packages.
For the detailed security status of python-reportlab please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-reportlab
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcMDm4ACgkQEMKTtsN8
Tja2Lw//RW9W1X/NuzRQKUmUf+5jPBY48jOsfoOCjJTEUXSjptjP0m5QA/xsd78b
2C4Eq9SooafXXPufiJGbtYs0CP4Xvuok/G1rPkgpcZPYQ2m9Bbcrp6JAMrb/CeAu
msuBCQc7IgaCz8AkMh81JxNy5CqVvh9EJdKgZYyviT7wa5Bqyx6TBicfQHdZ8bNk
6xQqh0S3+rzkKoau9YE0rYWRZ/AOLki5PUGqsEJOzXFpwn4Ahvk/pBCTra7E/k0o
L2bUmVSFtTJcdowtofbh/c9K8ZQmI0k8CMU82LU4cTaV6UjK+498JWpQLl6uq5RI
SKppR3I5tsk+DVAve4ek1yAyXNrgscm1u62IxSDQpuBc3GgW6cN5nrKYHoALdnji
RD+8OSChTIOpbVSZ4y9tUFU7mHRoVkne4pNohujV/8M1umupJ108nXA34avR+B7D
sResI70m19/ocLR5uH1v/rGO4FUrSfAKgOYBR8ryO/YcbDROixyOHFN7vxCUxXF3
UPc3uPVuQilHOCi0w+S4JxcLywFXoDIj1qtGlzKA9rtAMA6okHILJKCy43lEo+36
nr0WZMZuF7kDQLPkpb1+6zf3Mxwj8QrpRFCT+DYyLfg5MLYLM4Trbavtpk/faXQo
P+pLMfjIaq8Nrd7/UOXFQXWFSUh8YwOm99je9zr1Am35zftZnNU=
=MICC
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5791-1] python-reportlab security update, Moritz Muehlenhoff, 13.10.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.