-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6035-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 23, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : python-internetarchive CVE ID : CVE-2025-58438 It was discovered that insecure path handling in the Python interface to the Internet Archive/archive.org could result in overwriting a user's files. For the oldstable distribution (bookworm), this problem has been fixed in version 3.3.0-2~deb12u1. For the stable distribution (trixie), this problem has been fixed in version 5.4.0-2~deb13u1. We recommend that you upgrade your python-internetarchive packages. For the detailed security status of python-internetarchive please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-internetarchive Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmj6e8gACgkQEMKTtsN8 TjZeyhAAspNY339aXoO+PEOdy27b+IA710Vy7z0Ij8Sd74pYuvc6SNSh6lqZ6ALC x9uB1z+G7AVU35QQJTnXYprQ1EERh9QwFT2NurcuQ6tui7U0XlZy6nNP+88DNAHf NjIaJRk4msZ4VqX+prjSIx9tLPwbaeFvjuVdZhG41hwhRSwB+Sga8NmyqpxdoWUO s2qVGtZCotZekSMzFky8d9jomJxUtdL2nhUCnzM2yYSDBZe467D3AAzIr4oEoaoS /V7oQVDL9NXG5Dbgyt0weEY3gfUP8IWiaeIa/BC0Eg12djGocNZzMQxZNizMOyXz 19u3j5fF0t59mHCAYY+x1Lt5tyA8nyBiaXSkJcHaCPqbtOwEyf9wU+ed2n12KDY5 x3uJlup7ieEtn3D7FWJzHW11U7XAEXS/+oaYP2mEaX6xMqOL6Xa3d+KKDKgJlFhN dB8LOz2ORghjNXBjAQKP/K4FhfYkFmoC4llgJAbVby0CzhkGfbv0V+xe5eqiB6l0 IhN20FKX9VYBV5oxOTwJE1tyM/+VTSX+D3eS7HucY5d1Soq0R/4jwZyjoCYIstU9 gJU0dGVuemVNSRMN2o9O0M9Wqd0FrsTaYTCH5dkW+pEdh+UXSgF2Rq0Go34msW0X aePzfl7kQMv4UQCwl3aTGowaXr9PyHBZ1n2ZSha5gdwha8zZvAM= =Lny5 -----END PGP SIGNATURE-----
