[SECURITY] [DLA 2754-1] pywps security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2754-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 04, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : pywps
Version : 4.0.0-3+deb9u1
CVE ID : CVE-2021-39371
An XML external entity (XXE) injection in pywps allows an attacker to
view files on the application server filesystem by assigning a path
to the entity.
For Debian 9 stretch, this problem has been fixed in version
4.0.0-3+deb9u1.
We recommend that you upgrade your pywps packages.
For the detailed security status of pywps please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pywps
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmEzVWIACgkQhj1N8u2c
KO8l3A//aBYTDFgaNsPgCMUn+ipVY1/KOELbEpMOnXaww9fIwTNxBVPwrCQO7uej
yEdstbMGrZ23pB+2IxO+6ma/1Z+y5XWUHgtnOLE6Qfcafo+22O/8WRYeJgf1a7id
veKRQCspXVclFKnfkiPQb/Yr3BLE8m9OrAozRG7LUICE9ILKVpd5JQ8Qiexrhwp4
djWjPSdvDJWmRR4m30t8F4Y/gQK3DpNJrTZfWT5YPo6375JVDi+8FTfMyWWCHrMq
2tSDPyuA5ArZpsPCjRc2gfDy/OAjUpGoXMIqUbR/8lHZbO1Jqle+nb+Bj2kwBbR7
456dQQb03tvX+jhthyb6eXwvnngC0WhgpVqJ/QY+T5czZHLXDxxraCvzI80k+6w+
RGQ0uyO/b5UIwK70dfXNXAXio1dlw0o0IDqqY/AprqEbkMVBky0wKyiooeF56KsX
Xf+zSyS+eikn0PloaV0RaEntjYeyWMyHPZbvRvdygYsy0NbANoxxHHCShGYBg6mV
uAag4lhZ9qxzMrIIHtaR7ayVXqq7Sd7BHOvs2cAeJJWaLCzbAVIRL6v4EDxqMk+c
osNW/OhIgApcCIFg87CVPBhn7GwS1EcB+i8r3qiAhOFXW4MyLj55bf425BnJwVyo
MvE4OLLOq1WHy1gix4gKfLUIG3zU5kdYLL2FX+mUa2OuFUGLrsM=
=TdJO
-----END PGP SIGNATURE-----
Reply to: