-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2950-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 16, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : python-scrapy Version : 1.0.3-2+deb9u1 CVE ID : CVE-2021-41125 CVE-2022-0577 It was found that Scrapy, a framework for extracting data from websites, could send HTTP Authorization as well as cookies to other domains in case of redirections, possibly leaking user credentials. For Debian 9 stretch, these problems have been fixed in version 1.0.3-2+deb9u1. We recommend that you upgrade your python-scrapy packages. For the detailed security status of python-scrapy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-scrapy Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmIx0I8ACgkQnUbEiOQ2 gwKNvw/+MniywnqwPiX+P/pT2FQ9wzPEd/ECTGqOVw237jR+Iz9kWX3qecnTyQrx VwoK5AYvjX0u5kDuw8mLD1iVP7JGWtF+HGnsSJEVlQhvPSMUsOp2kZoB4+lI5UyV j7xZgl1uuRddjuc9o370nJIoWWep4DVrd64Ssa5eAeTspTeNC4Vmo0BIHIcE1Now 2jGJ+g/mk+KzqckY8GJyYujVLaTeYpcLC7QzaF1uw2N1qtT+i67m6BRJ+fJprO9s pRerH5ltqXiQ5lTHOUNPTY4E/zxpUnwwvEaF9PLIWwpMGH0wGPDkQKkbrrC3njtq E6v9QxptB/Wt/fbiITNbCTJ6xIhcef9FVfyqvlM7M8RtWrX/F/94hLVFXHGJDPnB LTxmYKia9x6o7yZ3mg1DJbrpZgrYszhVIwZ/1h4kJYHrQQEp6PhH7ANFuvXoRdeX 29JOPoVc+T7NV5VD0XsGT7ShYwzG6NDFiLlui5aA8DdDY/62tEbjaxrZbW728wkw a/TwFBOJVHz4Gm0xg14iiNrHAX0n0nQrzB9BbjLnX2EYEfPWokXg2tx3l6xih5F6 UMr8Coukzwt67ZUcnVAFvZTMqyT91tpwbYRJF981vY9pOtJR9VEOHiUPpRm2p52P /8STCNQaTe1BbXQczQjibDTv86xgwXfit9Nf1cywaorij0tDQ1o= =u+85 -----END PGP SIGNATURE-----
