-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2754-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA September 04, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : pywps Version : 4.0.0-3+deb9u1 CVE ID : CVE-2021-39371 An XML external entity (XXE) injection in pywps allows an attacker to view files on the application server filesystem by assigning a path to the entity. For Debian 9 stretch, this problem has been fixed in version 4.0.0-3+deb9u1. We recommend that you upgrade your pywps packages. For the detailed security status of pywps please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pywps Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmEzVWIACgkQhj1N8u2c KO8l3A//aBYTDFgaNsPgCMUn+ipVY1/KOELbEpMOnXaww9fIwTNxBVPwrCQO7uej yEdstbMGrZ23pB+2IxO+6ma/1Z+y5XWUHgtnOLE6Qfcafo+22O/8WRYeJgf1a7id veKRQCspXVclFKnfkiPQb/Yr3BLE8m9OrAozRG7LUICE9ILKVpd5JQ8Qiexrhwp4 djWjPSdvDJWmRR4m30t8F4Y/gQK3DpNJrTZfWT5YPo6375JVDi+8FTfMyWWCHrMq 2tSDPyuA5ArZpsPCjRc2gfDy/OAjUpGoXMIqUbR/8lHZbO1Jqle+nb+Bj2kwBbR7 456dQQb03tvX+jhthyb6eXwvnngC0WhgpVqJ/QY+T5czZHLXDxxraCvzI80k+6w+ RGQ0uyO/b5UIwK70dfXNXAXio1dlw0o0IDqqY/AprqEbkMVBky0wKyiooeF56KsX Xf+zSyS+eikn0PloaV0RaEntjYeyWMyHPZbvRvdygYsy0NbANoxxHHCShGYBg6mV uAag4lhZ9qxzMrIIHtaR7ayVXqq7Sd7BHOvs2cAeJJWaLCzbAVIRL6v4EDxqMk+c osNW/OhIgApcCIFg87CVPBhn7GwS1EcB+i8r3qiAhOFXW4MyLj55bf425BnJwVyo MvE4OLLOq1WHy1gix4gKfLUIG3zU5kdYLL2FX+mUa2OuFUGLrsM= =TdJO -----END PGP SIGNATURE-----
