• [SECURITY] [DSA 5791-1] python-reportlab security update

    From Moritz Muehlenhoff@21:1/5 to All on Sun Oct 13 20:30:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5791-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 13, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python-reportlab
    CVE ID : CVE-2023-33733

    Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python
    library to create PDF documents, could be bypassed which may result in
    the execution of arbitrary code when converting malformed HTML to a PDF document.

    For the stable distribution (bookworm), this problem has been fixed in
    version 3.6.12-1+deb12u1.

    We recommend that you upgrade your python-reportlab packages.

    For the detailed security status of python-reportlab please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/python-reportlab

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcMDm4ACgkQEMKTtsN8 Tja2Lw//RW9W1X/NuzRQKUmUf+5jPBY48jOsfoOCjJTEUXSjptjP0m5QA/xsd78b 2C4Eq9SooafXXPufiJGbtYs0CP4Xvuok/G1rPkgpcZPYQ2m9Bbcrp6JAMrb/CeAu msuBCQc7IgaCz8AkMh81JxNy5CqVvh9EJdKgZYyviT7wa5Bqyx6TBicfQHdZ8bNk 6xQqh0S3+rzkKoau9YE0rYWRZ/AOLki5PUGqsEJOzXFpwn4Ahvk/pBCTra7E/k0o L2bUmVSFtTJcdowtofbh/c9K8ZQmI0k8CMU82LU4cTaV6UjK+498JWpQLl6uq5RI SKppR3I5tsk+DVAve4ek1yAyXNrgscm1u62IxSDQpuBc3GgW6cN5nrKYHoALdnji RD+8OSChTIOpbVSZ4y9tUFU7mHRoVkne4pNohujV/8M1umupJ108nXA34avR+B7D sResI70m19/ocLR5uH1v/rGO4FUrSfAKgOYBR8ryO/YcbDROixyOHFN7vxCUxXF3 UPc3uPVuQilHOCi0w+S4JxcLywFXoDIj1qtGlzKA9rtAMA6okHILJKCy43lEo+36 nr0WZMZuF7kDQLPkpb1+6zf3Mxwj8QrpRFCT+DYyLfg5MLYLM4Trbavtpk/faXQo P+pLMfjIaq8Nrd7/UOXFQXWFSUh8YwOm99je9zr1Am35zftZnNU=
    =MICC
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)