1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5426-1] owslib security update

    From Aron Xu@21:1/5 to All on Wed Jun 14 04:30:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5426-1 security@debian.org https://www.debian.org/security/ Aron Xu
    June 14, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : owslib
    CVE ID : CVE-2023-27476
    Debian Bug : 1034182

    An arbitrary file reads from malformed XML payload vulnerbility was
    discovered in owslib, the Python client library for Open Geospatial (OGC)
    web services. This issue has been addressed by always using lxml as the
    XML parser with entity resolution disabled.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 0.23.0-1+deb11u1.

    We recommend that you upgrade your owslib packages.

    For the detailed security status of owslib please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/owslib

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmSJH/AACgkQO1LKKgqv 2VQBugf9EQeMoKzsAYfAG6NTgqF9hu5+SMNAlv2IsHzTJZwL8nOpXXhBDq6h2kvY wIScctrpjlJCOulvsYptnVS7hzHt/KqUSXzTap7fg4JxWkpaOylvcLvIwcbPbKSY 7KzpWk1mdvePj+ktFaFx/IGKzCD95FGZhMqBhHJc8yPWoZUG3zaL2E8X99gBOVdj FHz6OIhjChaDTGfMr8sV7EpNR5YshFVSeTamysyIGxZe41KWg5mxbnFO8BpIZHWl 9Tuz64xhp/QO9SjCDBWbd8zOuoouvaEtXgf8MyJjvPZkTX5PMIFvIVkKP3NHBnH6 MUo1mXDUIA7PStjost53yEkU7caRWQ==
    =DwF9
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)