Univention Bugzilla – Bug 53981
python-babel: Multiple issues (4.4)
Last modified: 2021-10-28 18:15:55 CEST
New Debian python-babel 2.3.4+dfsg.1-2+deb9u1 fixes:
This update addresses the following issue:
* Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. (CVE-2021-42771)
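The class of check that closes this kind of hole, as an added example (not Babel's or Debian's actual patch): the locale identifier is validated and the resolved path is pinned to the data directory before anything is unpickled. The function names, the identifier pattern and the sample directory layout are assumptions made for the illustration.

```python
import os
import pickle
import re
import tempfile

# Assumption: locale identifiers look like "de", "de_DE" or "sr_Latn_RS".
_LOCALE_ID = re.compile(r"[A-Za-z0-9]+(?:[_-][A-Za-z0-9]+)*")


def resolve_locale_file(data_dir, name):
    """Return the path of <name>.dat inside data_dir, or raise ValueError."""
    if not isinstance(name, str) or not _LOCALE_ID.fullmatch(name):
        raise ValueError("invalid locale identifier: %r" % (name,))
    base = os.path.realpath(data_dir)
    path = os.path.realpath(os.path.join(base, name + ".dat"))
    # Containment check: the resolved file must sit directly in data_dir,
    # which also rejects a symlinked .dat that points elsewhere.
    if os.path.dirname(path) != base:
        raise ValueError("locale file escapes data directory: %r" % (name,))
    return path


def load_locale(data_dir, name):
    """Unpickle locale data only after the name has been validated."""
    path = resolve_locale_file(data_dir, name)
    with open(path, "rb") as fh:
        # Safe only under the assumption that data_dir itself is trusted.
        return pickle.load(fh)


def demo():
    """Constructed sample: one legitimate locale file, several hostile names."""
    with tempfile.TemporaryDirectory() as root:
        data_dir = os.path.join(root, "locale-data")
        os.mkdir(data_dir)
        with open(os.path.join(data_dir, "de_DE.dat"), "wb") as fh:
            pickle.dump({"language": "de"}, fh)
        results = {"de_DE": load_locale(data_dir, "de_DE")}
        for name in ("../outside", "a/../../outside", "/tmp/outside", "de_DE\x00"):
            try:
                load_locale(data_dir, name)
                results[name] = "loaded"
            except ValueError:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(repr(key), "->", value)
```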
--- mirror/ftp/4.3/unmaintained/4.3-0/source/python-babel_2.3.4+dfsg.1-2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/python-babel_2.3.4+dfsg.1-2+deb9u1.dsc @@ -1,3 +1,15 @@ +2.3.4+dfsg.1-2+deb9u1 [Thu, 21 Oct 2021 09:37:01 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + + [ Abhijith PA ] + * CVE-2021-20095/CVE-2021-42771: Babel.Locale allows attackers to load + arbitrary locale .dat files (containing serialized Python objects) via + directory traversal, leading to code execution. (Closes: #987824) + + [ Sylvain Beucler ] + * Fix test suite in summer time zones + 2.3.4+dfsg.1-2 [Mon, 16 May 2016 21:30:02 +0200] Sebastian Ramacher <sramacher@debian.org>: * Team upload. <http://piuparts.knut.univention.de/4.4-8/#3761573979185367498>
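Review bot: In the added 2.3.4+dfsg.1-2+deb9u1 changelog entry the fix is recorded under two identifiers, "CVE-2021-20095/CVE-2021-42771", while the erratum description for this bug names only CVE-2021-42771; the erratum should list both ids, or state which one is authoritative, so that tooling keyed on CVE-2021-20095 also sees the package as fixed. The visible lines are changelog-only, so the path handling itself cannot be reviewed here; attaching or linking the patch behind "(Closes: #987824)" would let a reviewer confirm that the locale name is constrained before the .dat file is deserialized. The "Fix test suite in summer time zones" item is bundled into the same security upload and would be easier to audit if the errata text noted that it touches tests only.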
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1075>