[SECURITY] [DLA 3497-1] pypdf2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3497-1] pypdf2 security update
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 14 Jul 2023 23:54:53 +0300
Message-id: <[🔎] ZLG2HTn82tJwbYbF@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3497-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
July 14, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : pypdf2
Version        : 1.26.0-2+deb10u2
CVE ID         : CVE-2023-36810

Quadratic runtime with malformed PDFs missing xref marker has been fixed 
in PyPDF2, a pure Python PDF library.

For Debian 10 buster, this problem has been fixed in version
1.26.0-2+deb10u2.

We recommend that you upgrade your pypdf2 packages.

For the detailed security status of pypdf2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pypdf2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmSxthkACgkQiNJCh6LY
mLFjvRAApnyrNsqRi2+tFb1HJgqgMj8nmFk+HFleyWTZjP/z6iR1h917B/vQnHz1
byT+IYMknVhXKduf+mOiYItWE5tNGpXMwZtgX3yXnnvYLNcKR/SuN900vWx3OSf/
fIbe2hLJtHuo9CEopv6GxFo4k2aZFD5dqRxXPeyq1BGHL0/T6b6PiZ6bLGIkATiq
ZWcWOMWZuaMX/t1wrJs0EC5LlgbowKs2acvxUsjcKYqX+SyDxHgdSgRvmnCfHlIu
dnW1HtqxozRjgx7uMtCvh6yYsVHr3rozSrS4hODiYmxSJnoe5uSILL7bFni3wWYK
YE13xtlZrVemqEZ1PHojZ3oZ4KSSW2jaBkc06ybI1C6LGoJwmYiJuC6RqaceVtaQ
ZyHWm4d6T8OozEIL48pmHsM+05/DQOcaaTEnJlLQH8d+xELYdd75ZYSJUkDIUPbc
zt/Q9S+dkkDDscqp8o+OgvjAmIeGrIMvIsKB2UDjq43LLUM28zk3fnY0OsoFlUxY
jHCn1JTz4Y1HojgmTbQ2UN2UDZITWTrwJG1m+JhP/Z4YEwT2JQSXQAIQs6zUik5i
QfORKXZ7UyB08FMXQ6yndtyRbbqogjVuZC9ctzm+RzxImE7/vDpkQOne3PPk8oaM
uF13GQBRyRrMj9pIQszHo4JQwkNWWDQoM96wuuVYIlf659G7eZk=
=sBpG
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3496-1] lemonldap-ng security update
Next by Date: [SECURITY] [DLA 3499-1] libapache2-mod-auth-openidc security update
Previous by thread: [SECURITY] [DLA 3496-1] lemonldap-ng security update
Next by thread: [SECURITY] [DLA 3499-1] libapache2-mod-auth-openidc security update
Index(es):
- Date
- Thread