[SECURITY] [DLA 3477-1] python3.7 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3477-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 30, 2023 https://wiki.debian.org/LTS - - Package: python3.7 Version: 3.7.3-2+deb10u5 CVE ID : CVE-2015-20107 CVE-2020-10735 CVE-2021-3426 CVE-2021-3733 CVE-2021-3737 CVE-2021-4189 CVE-2022-45061 Several vulnerabilities were fixed in the Python3 interpreter. CVE-2015-20107 The mailcap module did not add escape characters into commands discovered in the system mailcap file. CVE-2020-10735 Prevent DoS with very large int. CVE-2021-3426 Remove the pydoc getfile feature which could be abused to read arbitrary files on the disk. CVE-2021-3733 Regular Expression Denial of Service in urllib's AbstractBasicAuthHandler class. CVE-2021-3737 Infinite loop in the HTTP client code. CVE-2021-4189 Make ftplib not trust the PASV response. CVE-2022-45061 Quadratic time in the IDNA decoder. For Debian 10 buster, these problems have been fixed in version 3.7.3-2+deb10u5. We recommend that you upgrade your python3.7 packages. For the detailed security status of python3.7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python3.7 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmSfQHAACgkQiNJCh6LY mLFENA/9GmRVfnKG5p47RlAX2dibE+2fBguKS9U9CnvRcal/2UdxZ+viFNQfzAlH mHpNcd3btQujxjeXba5BFiIJlVCL4osKItRuMRyfipj08W2+GQBoy/lNYbROAJ9r HziNN0ixV9HKymcKwIpiFp7pE2wM+xMjhlITIFiojZ5VAGDncXWL40tHcjJ3hEqY p3wDLflPqncp/Te83BooXGgkDVh1xycacrpvSRRdqgLC2cahODLy5t8WiU7jdQsI 84TPOMFvAqyH9JWGBMt+scejm912tuCkNP+BYr7jn/5wU+M+Bb2VZqlI1c9f723o D9idXWgka0ArMaIQI3sog1PehXL/01ZUD2vFWFYIccXeCuTT3tgM/JROYGvK3Ftn gEJiaZfr2J5Z0F8S8mcy59E9vNmIkIqD4QIjOk7/B2Wnn/WcoNs70GjybDLURD5a JwxQrDY5kf9WgeuiTWVhwRVtfy54eXHPKWMJ5bDbT2DztxQZ2jPDeZW204SP1M+9 5uokvXfEfYyEtr6s77xfJVf2zhKLkVflokgeOjDJh3hhz/ypRXVJ9GVaYNkPnvwj nU23kvCVCBGcGYt72dvcH1Xx5UEpAqw/IEwq1C2CRSxaz7B/SrmppeDEkE8E6ZL4 g3lmJWtuPS7iMCOucA2szaYDVuOuWxIozCaTHT4vn42LKuVWQ6k= =we+R -END PGP SIGNATURE-
[SECURITY] [DLA 3476-1] cups security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3476-1debian-...@lists.debian.org https://www.debian.org/lts/security/Thorsten Alteholz June 30, 2023 https://wiki.debian.org/LTS - - Package: cups Version: 2.2.10-6+deb10u8 CVE ID : CVE-2023-34241 An issue has been found in cups, the Common UNIX Printing System(tm). Due to a use-after-free bug an attacker could cause a denial-of-service. In case of having access to the log files, an attacker could also exfiltrate private keys or other sensitive information from the cups daemon. For Debian 10 buster, this problem has been fixed in version 2.2.10-6+deb10u8. We recommend that you upgrade your cups packages. For the detailed security status of cups please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cups Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmSfF2JfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEeSzQ//Q1G2W7K92B54fgH5lIA/7adrvxRLQY15jFicX+DmZBA3PH5LiOZTv6oC CKWOOvrmGxjg5qIalpnn9JFugHzAE5DEfNG4crZ3DMdnD7vv6krFEz5CjN7znMUb GSC0WsE025eg3d53TAtMIvWg2PRApPU35Nm/BCRkDJEBIAdksjRfFnGsMSMbWyO9 MG7Q21t8s3NeUYKki01eiN71GYf9dHmrboxUtN8Gre3J6mXUbn45+2NadTn9J8gF lz5OjVIv9D3roLbXS0DtaWFxsrZY3vogqzxj1UVVOD814x9s01SEkd5COStlBuYI oj3sh//qLvPmEdbs232QEOnK996ytr8dkM7kq4Brp3LDCnasgtYZS5E+tSYDpHUl TW61H/G1EnrVWM9oRqpyc3RrvvrFaAMWTwlQ+TC1kJx9msIEFn8q0jdCmD2gqdzZ T+ss/UhtY2wCIgn1G8H/60/Cc+YGMzCl92GI8YaeX4iJos/HhK+LW7ximqtrxCMK Dzl2yCA4OVz0oWMUIG9+AUqBq0U2T3pZyimkZEEOErZIOt4DUCfmlMHdDzeu3APp PhffO+W7xvvORWUAOOgB4QpecGZBky5KwkbFQycO2nvSIAf9XBcEzNKoaxnFd4Oe Ty2qele+pt9K8HdxoJL+D1sOLINfpladyOIeAWB1qQJhBeIumvE= =MUfz -END PGP SIGNATURE-