Debian alert DLA-4393-1 (mako)

From:
             
 
Utkarsh Gupta <guptautkarsh2102@gmail.com>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4393-1] mako security update
Date:
             
 
Wed, 03 Dec 2025 09:34:14 +0530
Message-ID:
             
 
<CAPP0f97FckaOZWt3=MZwo4WvFszkv7hx0R86qAUkBNm5mLaDRQ@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4393-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
December 03, 2025                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : mako
Version        : 1.1.3+ds1-2+deb11u1
CVE ID         : CVE-2022-40023

It was found that Mako, a Python template library, was vulnerable to
a denial of service attack via crafted regular expressions.

For Debian 11 bullseye, this problem has been fixed in version
1.1.3+ds1-2+deb11u1.

We recommend that you upgrade your mako packages.

For the detailed security status of mako please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mako

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmkvtpsACgkQgj6WdgbD
S5aNOA//VIccf6d2kPTNGFxIF3hYkWuDRbHBkb1MfMHBDcH8XuSjgmtpqtzUtdy7
gFM+cchByn9iCIwlzGwNNVLP69pTrMixA1VhMHLK090EebhYyor4SVReBpy5oXb9
KmjG+TWe1VMmh1c+7i9uH9Bz+aFIYhUrRNVaoa0nnJ0HbiraaEcH5jm5/SySgMVx
4Av6LSKHrt+TH8T/h3mpKnZFFowkNPNuOonYKYK0gtEB8XiiaruRyqd5I05MI7ph
iUlpu5q7g/GJWeOsRncslbpIZxnwvdZAnl6kle6zHsyPMUvuD90pW/5peSsnvIGq
+CqfrEhNoEquUFulAdsgzX+lVcuFIb4WnI2jSE7uE+VDJyz7+tUdPRt6+j4g56WW
CMyo9m0eWLGPbctNS+Z7NM4ayDPG7BhmyGCb8rOddqR4V4+lyyUrX+ijy1M9ReIj
CbFdbtbN/abaGHWzJRErp6WzQ1+il+x0RbZLrBLyorJj53OpLMm2JK0e0TwAxqxx
+AXnOLumu9tSGQLbGzgTHkDPBoNo3+alPFWW9nUwiw+0G16sff1cyuw/1+wzFSTA
l3dugLZKfeEDysiDv48ohCjrC/h0s6/etXOmVFPEhupcMhY3Hf2xY9+Lp8uZYUkj
uFQ1FApoNjZlVxRapBeG/MkW4sN7pfTYVDOIQHxUe21keV0DP2o=
=vBSY
-----END PGP SIGNATURE-----