• [SECURITY] [DSA 5470-1] python-werkzeug security update

    From Salvatore Bonaccorso@21:1/5 to All on Sun Aug 6 14:40:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5470-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    August 06, 2023                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python-werkzeug
    CVE ID : CVE-2023-23934 CVE-2023-25577
    Debian Bug : 1031370

    Several vulnerabilities were discovered in python-werkzeug, a collection
    of utilities for WSGI applications.

    CVE-2023-23934

    It was discovered that Werkzeug did not properly handle the parsing
    of nameless cookies which may allow shadowing of other cookies.

    CVE-2023-25577

    It was discovered that Werkzeug could parse an unlimited number of
    parts, including file parts, which may result in denial of service.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 1.0.1+dfsg1-2+deb11u1.

    We recommend that you upgrade your python-werkzeug packages.

    For the detailed security status of python-werkzeug please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-werkzeug

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org