Re: Bug#802828: python-pygments: shell injection in FontManager._get_nix_font_path
Control: retitle -1 python-pygments: CVE-2015-8557: shell injection in FontManager._get_nix_font_path
Control: severity -1 important
Control: tag -1 + patch
On Fri, 23 Oct 2015, Jakub Wilk wrote:
> Javantea reported in <http://seclists.org/fulldisclosure/2015/Oct/4>:
This has been assigned CVE-2015-8557 and the recommended patch
to use is
https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f
I'm upgrading the severity to important. All Debian releases are affected.
Piotr, the Debian LTS team wants to fix this issue in squeeze too. Do you
want to take care of this by yourself?
If yes, please follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development
If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.
If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.
Thank you very much.
Raphaël Hertzog,
on behalf of the Debian LTS team.
PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: