-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3803-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb April 30, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : astropy Version : 3.1.2-2+deb10u1 CVE ID : CVE-2023-41334 It was discovered that there was a potential remote code execution vulnerability in Astropy, a suite of tools, utilities and Python utilities for astrophysics. Improper input validation in the TranformGraph().to_dot_graph function could have led to arbitary command execution as values were passed as the first argument to subprocess.Popen. Although an error will be raised, the command or script would still be executed successfully. For Debian 10 buster, this problem has been fixed in version 3.1.2-2+deb10u1. We recommend that you upgrade your astropy packages. For the detailed security status of astropy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/astropy Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmYxE9wACgkQHpU+J9Qx HlgyUxAArVX5hHzi3rCDimqataA19tVSRQCqag7uwpptaPqgv2bEDlPaW/tvOiQ4 Sr2MBovFMEpAk2JneqzYLqbqgk7sqz7A4ah7Ej4yWi1tz2KebtrzkEfclzOvQcQo d1eoU7DyzvK5bvuBVpBjDc9yekxWqSn0EYhaJUXqkabFMWv1h+iN3CQON9570ELF /4jXnravnqYwLZkMUERz1OeG9V68A5aR29Y3w2cGNbWYNdWP154izGO16sl1fOEJ pu1fV14P5Jd5olcH+uvUeYmx+PU0xQkMqW4KQIctd03jrk7fhCIptOBbPPm3MyyL OKTmzPfjZShUGouyErjYCD9rN7/81WVjwP7fU1Ycqc8QDRtcJYn9Qk+uiTtUpTMh 3WNA5GKHZJhqvMsA8pMhXxuMdmfYySUniDSMVJKjKZP4Zt60fmNwX//VkNZCtUhl /wxMaaGmA/18/7V7fkrlGcaBX/JL8C2enOdvGfDA64vi4zs3NQoXqGe8jyusz1fD AGScBOgsUUY07rPrLJgkEt9yS5pgFChXo4jZ55/6yQ5VBV+J14Nsy+yhy/fxG915 gMnl27VUJRa2X/Rbeq0Uwhxb79lAjP/KPY+dCZRkOat6n3Cy4XNSsXKbr7ZxNTbn 34cjIb0jJzWemS6gqYuqxghhQLsaHmYqwnXaZ35h5QLjO8RU7Go= =yqxq -----END PGP SIGNATURE-----