Univention Bugzilla – Bug 56678
python-reportlab: Multiple issues (5.0)
Last modified: 2023-10-04 17:06:40 CEST
New Debian python-reportlab 3.5.13-1+deb10u2 fixes:

This update addresses the following issues:

3.5.13-1+deb10u2 (Fri, 29 Sep 2023 18:13:41 +0200)
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2019-19450: code injection in paraparser.py allows code execution.
* Fix CVE-2020-28463: Server-side Request Forgery (SSRF) via <img> tags. New settings ‘trustedHosts’ and ‘trustedSchemes’ are added to explicitly define an allowlist.
--- mirror/ftp/pool/main/p/python-reportlab/python-reportlab_3.5.13-1+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-5/source/python-reportlab_3.5.13-1+deb10u2.dsc @@ -1,3 +1,11 @@ +3.5.13-1+deb10u2 [Fri, 29 Sep 2023 18:13:41 +0200] Guilhem Moulin <guilhem@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix CVE-2019-19450: code injection in paraparser.py allows code execution. + * Fix CVE-2020-28463: Server-side Request Forgery (SSRF) via <img> tags. + New settings ‘trustedHosts’ and ‘trustedSchemes’ are added to explicitely + define an allowlist. + 3.5.13-1+deb10u1 [Fri, 24 Apr 2020 22:29:45 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-5/#7109065806580857195>
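Review bot: In the added 3.5.13-1+deb10u2 entry, the CVE-2020-28463 line names the new settings ‘trustedHosts’ and ‘trustedSchemes’ but does not say what they default to, so a reader cannot tell from this entry whether <img> fetches are already restricted after the upgrade or only once an allowlist has been configured. Suggest stating the default values in the erratum text so administrators know whether they need to act. Minor: "explicitely" in the same line should be "explicitly".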
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-5] 1a33b1f831c Bug #56678: python-reportlab 3.5.13-1+deb10u2
 doc/errata/staging/python-reportlab.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

[5.0-5] dd372d26c06 Bug #56678: python-reportlab 3.5.13-1+deb10u2
 doc/errata/staging/python-reportlab.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x827>