-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3470-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk June 25, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : owslib Version : 0.17.1-1+deb10u1 CVE ID : CVE-2023-27476 Debian Bug : 1034182 In OWSLib, a Python client library for Open Geospatial web services, the XML parser did not disable entity resolution which could lead to arbitrary file reads from an attacker-controlled XML payload. For Debian 10 buster, this problem has been fixed in version 0.17.1-1+deb10u1. We recommend that you upgrade your owslib packages. For the detailed security status of owslib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/owslib Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmSYiM0ACgkQiNJCh6LY mLELOg/+Keop2FuqZy4UyyYsa3f6EZDUn3Nucc5cUIMppbzUC1CchtBW3QPaBaDI q+iNwFOShjFeSzGTvmlsXVEG8t4AARoM4Kt/sjaseMTxoP5GQI/QS2eRTFUJBpJg uVqKF7gcUCrEjDvxX9oQ6nx+kPMFIwmCLALDiKoE1s59t9t8i4yyh0UrfE8jvNDT +pd6PEZFuzEdZJghJvi8qZhaWv27vlOVKmZE1A9Kgn+5cQ1H0jZ8pv3cQd8ju1ss /E0fExwenWd4niBg1sG9V71FgZKM6r3iPXIAqKpbDFvREJlhMGKUDvWrfQC/gHIq P8qhjCiZsbii3T6hiSfRnGy5BT9p4Z81GMR0UIR3K7xU4Em5nOUUliQnT8yJhPaq 1crGQiI4YEhCZTeRdWeNQaaRKSDfBzTIDBrA76cyre9ZHQoy85ea+uKLOm5fVf/C cN3bKlZxs+ceaH6qNz9cs8RsEpznHUC6YgdPZqGUG2hbdyjN6bJIiKP0oyXb6nuW ZlsxkZQ8ZmTFY/DUu5njj//itKhHBoukmakAD5lpaV3WOGxDgOpIlFhjluQJqkDN BepJYT6gcZIL0z/SK5sAWtl2i3fSui1dhcW0x5rfkYohVGKQdxdpOvt3ps6hWz7X axTOr5EeOXwyoiCrLnnJlEW8ZdNtnkLZ5GoHD5Uv6p/QQ7s86jQ= =AjNS -----END PGP SIGNATURE-----