Debian 10261 Published by

A python-reportlab security update has been released for Debian GNU/Linux 9 Extended LTS to address two vulnerabilities.



ELA-983-1 python-reportlab security update

Package : python-reportlab
Version : 3.3.0-2+deb9u2 (stretch)

Related CVEs :
CVE-2019-19450
CVE-2020-28463

Vulnerabilities were found in python-reportlab, a Python library for creating
PDF documents.

CVE-2019-19450
The start_unichar function in paraparser.py was found to evaluate untrusted
user input, which could permit remote code execution.

CVE-2020-28463
It was discovered that img tags could be used for Server-side Request Forgery
(SSRF). The issue can be mitigated by using the new trustedSchemes and
trustedHosts rl_config variables. See “Inline Images” in ch. 6 of the
reportlab user manual.

ELA-983-1 python-reportlab security update