[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3771-1] python2.7 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3771-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 24, 2024                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : python2.7
Version        : 2.7.16-2+deb10u4
CVE ID         : CVE-2024-0450

The zipfile module was vulnerable to “quoted-overlap” zip-bombs
in the Python 2 interpreter.

For Debian 10 buster, this problem has been fixed in version
2.7.16-2+deb10u4.

We recommend that you upgrade your python2.7 packages.

For the detailed security status of python2.7 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python2.7

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYAnrkACgkQiNJCh6LY
mLHrCxAAmKn7dXeyFszkXoJ2sORjLQ/Y4qJb0C5Qg5JRCqRaAh0UcNNgxjX2/Ptl
26GcGdmE3BRKBhGblTn5LD23gGV8ppFXRfGmhTk1A6yGv+pFz6dRleQXutcFv5Jp
dWVteB6Zv9bs3ed5EI4SojK9MmJJ/76d0AjFTjy0cT+CVitkGuDb6PMrZNaiPuvx
sM/1P+mYrJY5SKVi8lM8ANYHEckmsnFTn5wVIp9oXzS+OP2ctilXlth9wH0optcH
VZhMWwme/WwplVtcYGC1Jo1D+x3G/ruON/WgforaLaCWtozawVJJ8TH/c7aX+Oo/
LfPiwzdP6sOXIxMU7ttuoXUk/M/m2VVI3ECB5QSNBd7Uw00glc0vsOXFVn/DCxbL
eQGRQRFoKlb2ZmqBu97UnBcns2L0spD/MA/BkVZmQfwxD3KevGtDhLloZGBGwLSZ
amqBtQKFqCw9B7ZxKw06//1NI8gGCCubcHCCtZKPqWWJqG07jT3/A7IyeOMnmwEf
oJTPK/XfGzBY/w8obz6dDJDoWwNp6DG6YyyDa40KbhNdy6HRPlgL3eRq6k7XOsTk
4c8qsLgK8OCL42zP7WGH5diwsxgrj0pQwuCwM2IJaKGUjZUpOja4j9x25ay4Y0Td
hYnk7qMNp9EL4GfjoJc4EKc5AOwVfIqHrm6lXcwICTDba3TKRTk=
=icBc
-----END PGP SIGNATURE-----
Reply to: