[SECURITY] [DLA 3470-1] owslib security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3470-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
June 25, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : owslib
Version : 0.17.1-1+deb10u1
CVE ID : CVE-2023-27476
Debian Bug : 1034182
In OWSLib, a Python client library for Open Geospatial web services,
the XML parser did not disable entity resolution which could lead to
arbitrary file reads from an attacker-controlled XML payload.
For Debian 10 buster, this problem has been fixed in version
0.17.1-1+deb10u1.
We recommend that you upgrade your owslib packages.
For the detailed security status of owslib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/owslib
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmSYiM0ACgkQiNJCh6LY
mLELOg/+Keop2FuqZy4UyyYsa3f6EZDUn3Nucc5cUIMppbzUC1CchtBW3QPaBaDI
q+iNwFOShjFeSzGTvmlsXVEG8t4AARoM4Kt/sjaseMTxoP5GQI/QS2eRTFUJBpJg
uVqKF7gcUCrEjDvxX9oQ6nx+kPMFIwmCLALDiKoE1s59t9t8i4yyh0UrfE8jvNDT
+pd6PEZFuzEdZJghJvi8qZhaWv27vlOVKmZE1A9Kgn+5cQ1H0jZ8pv3cQd8ju1ss
/E0fExwenWd4niBg1sG9V71FgZKM6r3iPXIAqKpbDFvREJlhMGKUDvWrfQC/gHIq
P8qhjCiZsbii3T6hiSfRnGy5BT9p4Z81GMR0UIR3K7xU4Em5nOUUliQnT8yJhPaq
1crGQiI4YEhCZTeRdWeNQaaRKSDfBzTIDBrA76cyre9ZHQoy85ea+uKLOm5fVf/C
cN3bKlZxs+ceaH6qNz9cs8RsEpznHUC6YgdPZqGUG2hbdyjN6bJIiKP0oyXb6nuW
ZlsxkZQ8ZmTFY/DUu5njj//itKhHBoukmakAD5lpaV3WOGxDgOpIlFhjluQJqkDN
BepJYT6gcZIL0z/SK5sAWtl2i3fSui1dhcW0x5rfkYohVGKQdxdpOvt3ps6hWz7X
axTOr5EeOXwyoiCrLnnJlEW8ZdNtnkLZ5GoHD5Uv6p/QQ7s86jQ=
=AjNS
-----END PGP SIGNATURE-----
Reply to: