Your message dated Fri, 24 Dec 2021 13:54:29 +0000
with message-id <[email protected]>
and subject line Bug#987824: fixed in python-babel 2.6.0+dfsg.1-1+deb10u1
has caused the Debian Bug report #987824,
regarding python-babel: CVE-2021-42771
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
987824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987824
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-babel
Version: 2.8.0+dfsg.1-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/python-babel/babel/pull/782 
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.6.0+dfsg.1-1

Hi,

The following vulnerability was published for python-babel.

CVE-2021-20095[0]:
| Relative Path Traversal in Babel 2.9.0 allows an attacker to load
| arbitrary locale files on disk and execute arbitrary code.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-20095
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20095
[1] https://github.com/python-babel/babel/pull/782 
[2] https://www.tenable.com/security/research/tra-2021-14

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: python-babel
Source-Version: 2.6.0+dfsg.1-1+deb10u1
Done: Moritz Mühlenhoff <[email protected]>

We believe that the bug you reported is fixed in the latest version of
python-babel, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated python-babel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Dec 2021 17:26:10 +0100
Source: python-babel
Architecture: source
Version: 2.6.0+dfsg.1-1+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 987824
Changes:
 python-babel (2.6.0+dfsg.1-1+deb10u1) buster-security; urgency=medium
 .
   * CVE-2021-20095 (Closes: #987824)


--- End Message ---
