-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2595-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 17, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : velocity Version : 1.7-5+deb9u1 CVE ID : CVE-2020-13936 Debian Bug : #985220 It was discovered that there was a potential arbitrary code execution vulnerability in velocity, a Java-based template engine for writing web applications. It could be exploited by applications which allowed untrusted users to upload/modify templates. For Debian 9 "Stretch", this problem has been fixed in version 1.7-5+deb9u1. We recommend that you upgrade your velocity packages. For the detailed security status of velocity please refer to its security tracker page at: https://security-tracker.debian.org/tracker/velocity Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmBR9NsACgkQHpU+J9Qx Hlgmhg//YP7zsV3uS03Tbt9m3Mx9mzHd7R1JGRGmdzsCqjeODHoh+MAsB3wqHciH PqIbr/vicOvLmuH4923Q1iYyV14IL7LhnLlx2rWxEnvc++mHWb5nMeRe3kIUDvCZ 71fyNDu4iCzaR6Hl/SS6ma5vzjkIyd/xeE78PsBDKfUU/rr3Xg6IxGy0bdgryPWD hddysJjkX4qnsyLyoTVKw03ysrCpBNo260PUHYGgxB6fHe0T+PAVwLidBeTxvwCM PtkR3JPhztRa2CaslXg5HvOQTYtCpP85LuJYs8jTR4ZNgam9WMetdeXcDVVUW4or csjHZKu7Hne/9eG8rABHdxO6ToWaXDzS9lAJpFkw2XvNWbhWtTH7Wj9LFnmkdBEW 3WahT9gHpn9Njonao+WnYE6TBQtSt/dfRVgXcVAKPXY/sPy0Qm68993Kq5wRhLfb ZKDDFL84+8eFfPXbNOgj4UuvLO+995vCT59wbEJ5zjprm3F7X5jdpuaXJs/9Yxg6 fuTF0Y5/pOFxn/4fx/ZfAPF7yy9NEBdsWbS83KFhBWO9cYo6CpxNuPzuDr7fX+S6 uzT7hYum7ygKzM6i2bhqxan5fjvtK7GmLGuyUshvN7s8OCplrPNLLmb5GpkPaXh7 GzvIweBRUr5NLeh/Kxpaoz/rjpgLFHZrka5vrDTXVDR0vcdoCb0= =ebaI -----END PGP SIGNATURE-----
