From: Lee Garrett <[email protected]>
To: [email protected]
Subject: [SECURITY] [DLA 4183-1] setuptools security update

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4183-1                          [email protected]
https://www.debian.org/lts/security/                          Lee Garrett
May 28, 2025                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : setuptools
Version        : 52.0.0-4+deb11u2
CVE ID         : CVE-2025-47273
Debian Bug     : 1105970

A path traversal vulnerability in `PackageIndex` was found in setuptools. An
attacker would be allowed to write files to arbitrary locations on the
filesystem with the permissions of the process running the Python code, which
could escalate to remote code execution depending on the context.

For Debian 11 bullseye, this problem has been fixed in version
52.0.0-4+deb11u2.

We recommend that you upgrade your setuptools packages.

For the detailed security status of setuptools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/setuptools

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
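To audit Debian 11 bullseye hosts against the fixed version named in this advisory, the following added example (not part of the advisory or of Debian's tooling) implements dpkg's version ordering in Python and flags binary packages built from the setuptools source that predate 52.0.0-4+deb11u2. The `dpkg-query` format string, the function names and the sample output are assumptions constructed for illustration; the comparison is only meaningful for bullseye, the release this advisory covers.

```python
import re
from itertools import zip_longest

FIXED = "52.0.0-4+deb11u2"  # fixed version for Debian 11 bullseye, from the advisory
SOURCE = "setuptools"       # affected source package, from the advisory

def _order(c):
    """dpkg character order: '~' sorts first, then end of string, letters, the rest."""
    if c in ("", "~"):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare one upstream or revision string; returns <0, 0 or >0."""
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                        fillvalue=("", ""))
    for (ta, na), (tb, nb) in pairs:
        for ca, cb in zip_longest(ta, tb, fillvalue=""):  # non-digit run first
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):                  # then the number
            return int(na or 0) - int(nb or 0)
    return 0

def _split(v):  # "[epoch:]upstream[-revision]" -> (epoch, upstream, revision)
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Order two Debian version strings the way dpkg does."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_lines):
    """Return (binary package, version) pairs built from SOURCE that predate FIXED."""
    rows = [line.split("\t") for line in dpkg_lines.splitlines()]
    return [(r[0], r[2]) for r in rows
            if len(r) == 3 and r[1] == SOURCE and deb_cmp(r[2], FIXED) < 0]

# Constructed sample (not real host data) of the output of:
#   dpkg-query -W -f='${Package}\t${source:Package}\t${source:Version}\n'
SAMPLE = ("python3-setuptools\tsetuptools\t52.0.0-4+deb11u1\n"
          "python3-pkg-resources\tsetuptools\t52.0.0-4+deb11u2\n"
          "python3-pip\tpython-pip\t20.3.4-4+deb11u1\n")
```

`unpatched(SAMPLE)` returns the packages that still need the upgrade. A plain string comparison would misorder suffixes such as `+deb11u10` and `+deb11u2`, which is why the dpkg ordering is implemented.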
