|
|
Subscribe / Log in / New account

Debian alert DLA-2727-1 (pyxdg)



From:
              Chris Lamb <lamby@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 2727-1] pyxdg security update


Date:
              Tue, 03 Aug 2021 08:50:42 -0400


Message-ID:
              <162799487487.14211.18237595247787587348@copycat>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2727-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
August 03, 2021                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : pyxdg
Version        : 0.25-4+deb9u1
CVE ID         : CVE-2019-12761
Debian Bug     : #930099

It was discovered that there was a code injection issue in PyXDG,
a library used to locate freedesktop.org configuration/cache/etc.
directories.

For Debian 9 "Stretch", this problem has been fixed in version
0.25-4+deb9u1.

We recommend that you upgrade your pyxdg packages.

For the detailed security status of pyxdg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pyxdg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmEJOvMACgkQHpU+J9Qx
Hlgg4xAAwHgWh/mfhJ4NeAXZVjgPOfSq0oLFX/FHkzQiXDQIjLmjwaeA/tp9nIBH
aEy3TAasLpitQTLWN7PO0D2rCI3OtRZ6rFhyLO383+Uo+WMe6+kD5Mng5xIc/NxQ
ZqS3LgywI9PEk0P0UeH3D1a88NQboPVhvJBpDrLtklhaGhlY1jLeMpIeNdFbEuW9
JM640kSJSKaFxeXXChMAGBAX2gltOuQ7GI5OSiN9PBVZu4S8fix1pRF9Y/6rjfk/
+bl3lNwK4Bu7Ivnoc8gkfrdLqC7p1Y/Uh0bceecfK4AftpHxs2Tyl2mKVjnb1ivv
j2XKM11HE9ivCUXn4IIG20N+at+ojORJtupd7uNX0W21IQFPgnOLk3gVjpsvDQUO
SkD3dYt23TgoSQA7cfQNZ3LFM+qEVebRWF5tcXl4rm6v3CVLXSSFh8ypX2CCByAw
zFgQDvouIRQm86lZToD34+N3YW4Rch/tGqpIoGIrTQ8ZuW91x+LEuqvq3cwn9eOG
qMFjyQ5muQKXtyoJMqss+V5iLKSQw95wLBiwukLOHiDiwBxgd7SJQA8azq2DWKcH
uDqABH9XG/90zrhuxOYAqbJhdvp2bG477sNVIny5nclQ/KF3gnhFPtlYenT4uQfE
Afrp1XCzU/cKErf0DxjOI/88OtWPeDeiJ10kYhuYu0yQK9WW7WQ=
=ax6U
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds