Debian 10261 Published by

A python-babel security update has been released for Debian GNU/Linux 8 Extended LTS to address an arbitrary code execution vulnerability.



ELA-646-1 python-babel security update

Package python-babel
Version 1.3+dfsg.1-5+deb8u1 (jessie)
Related CVEs CVE-2021-42771

An arbitrary code execution vulnerability was discovered in python-babel, a library for internationalizing Python applications.

Attackers could load arbitrary locale .data files (containing serialized Python objects) via a directory traversal attack, leading to code execution.

For Debian 8 jessie, these problems have been fixed in version 1.3+dfsg.1-5+deb8u1.

We recommend that you upgrade your python-babel packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-646-1 python-babel security update