-------------------------------------------------------------------------
Debian LTS Advisory DLA-4062-1                           [email protected]
https://www.debian.org/lts/security/                           Chris Lamb
February 21, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : python-werkzeug
Version        : 1.0.1+dfsg1-2+deb11u2
CVE ID         : CVE-2024-34069
Debian Bug     : 1070711

It was discovered that there was a potential remote code execution
vulnerability in python-werkzeug, a library used to create WSGI-based
web applications in Python.

This attack required the attacker to manipulate a developer into
interacting with a domain & subdomain they control as well as enter the
debugger PIN. But if successful, it would have allowed full access to
the debugger, even if the server was only running on localhost.

For Debian 11 bullseye, this problem has been fixed in version
1.0.1+dfsg1-2+deb11u2.

We recommend that you upgrade your python-werkzeug packages.

For the detailed security status of python-werkzeug please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-werkzeug

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
