-------------------------------------------------------------------------
Debian LTS Advisory DLA-2790-1                           [email protected]
https://www.debian.org/lts/security/                      Sylvain Beucler
October 21, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python-babel
Version        : 2.3.4+dfsg.1-2+deb9u1
CVE ID         : CVE-2021-42771
Debian Bug     : 987824

Tenable discovered that in Babel, a set of tools for internationalizing
Python applications, Babel.Locale allows attackers to load arbitrary
locale .dat files (containing serialized Python objects) via directory
traversal, leading to code execution.

This vulnerability was also previously addressed under CVE-2021-20095
in other distributions and suites.

For Debian 9 stretch, this problem has been fixed in version
2.3.4+dfsg.1-2+deb9u1.

We recommend that you upgrade your python-babel packages.

For the detailed security status of python-babel please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-babel

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
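
For applications that pass a caller-supplied locale name to a loader of on-disk locale data, the following added example (not Babel's code and not the Debian patch) contrasts an unchecked path join with a validated one. LOCALE_DIR, the identifier pattern and all function names are assumptions made for illustration.

```python
import os
import re

# Assumption: locale data is stored as "<identifier>.dat" in one directory.
LOCALE_DIR = "/usr/share/example-app/locale-data"  # constructed path

# Accept only identifiers shaped like "en", "en_US", "zh_Hans_CN", "de-AT".
_LOCALE_ID = re.compile(r"[A-Za-z0-9]+(?:[_-][A-Za-z0-9]+)*")


def naive_locale_path(name, base=LOCALE_DIR):
    """Unchecked pattern: the caller-supplied name goes straight into the path."""
    return os.path.normpath(os.path.join(base, name + ".dat"))


def safe_locale_path(name, base=LOCALE_DIR):
    """Return the .dat path for name; raise ValueError if it could leave base."""
    if not isinstance(name, str) or not _LOCALE_ID.fullmatch(name):
        raise ValueError("invalid locale identifier: %r" % (name,))
    base = os.path.realpath(base)
    path = os.path.realpath(os.path.join(base, name + ".dat"))
    # Defence in depth: the resolved file must sit directly inside base,
    # which also rejects a symlink planted in the data directory.
    if os.path.dirname(path) != base:
        raise ValueError("locale path escapes data directory: %r" % (name,))
    return path


def is_contained(path, base=LOCALE_DIR):
    """True if path stays inside base after normalisation."""
    base = os.path.normpath(base)
    return os.path.commonpath([base, os.path.normpath(path)]) == base


def accepts(name):
    """True if safe_locale_path() accepts name, False if it rejects it."""
    try:
        safe_locale_path(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ["en_US", "zh_Hans_CN", "../../../../tmp/x", "/tmp/x"]:
        print(repr(candidate), is_contained(naive_locale_path(candidate)), accepts(candidate))
```

Validation of this kind complements the package upgrade recommended above and does not replace it.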
