Debian Security Advisory

DLA-2790-1 python-babel -- LTS security update

Date Reported:
21 Oct 2021
Affected Packages:
python-babel
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 987824.
In Mitre's CVE dictionary: CVE-2021-42771.
More information:

Tenable discovered that in Babel, a set of tools for internationalizing Python applications, Babel.Locale allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. This vulnerability was also previously addressed under CVE-2021-20095 in other distributions and suites.
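An application-side guard against the traversal described above, as an added example (it is not Babel's code or the Debian patch): an untrusted locale identifier is checked against an allowlist pattern, and the resolved .dat path is confirmed to stay inside the locale data directory before anything is loaded. The function names, the identifier pattern and the sample inputs are assumptions made for this example.

```python
import os
import re
import tempfile

# Assumption: identifiers look like "en", "en_US", "sr_Latn_RS".
# This pattern is the example's own allowlist, not Babel's grammar.
_LOCALE_ID = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8}){0,3}")


def resolve_locale_file(data_dir, identifier):
    """Map an untrusted locale identifier to <data_dir>/<identifier>.dat.

    Raises ValueError if the identifier is malformed or the resulting
    path would fall outside data_dir.
    """
    if not isinstance(identifier, str) or not _LOCALE_ID.fullmatch(identifier):
        raise ValueError("invalid locale identifier: %r" % (identifier,))
    base = os.path.realpath(data_dir)
    candidate = os.path.realpath(os.path.join(base, identifier + ".dat"))
    # Defence in depth: a well-formed name must still resolve inside
    # data_dir (this also catches symlinks planted in the directory).
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("locale file escapes data directory")
    return candidate


def check_identifiers(identifiers):
    """Return {identifier: accepted?} against a constructed data directory."""
    with tempfile.TemporaryDirectory() as data_dir:
        open(os.path.join(data_dir, "en_US.dat"), "wb").close()
        results = {}
        for ident in identifiers:
            try:
                resolve_locale_file(data_dir, ident)
                results[ident] = True
            except ValueError:
                results[ident] = False
        return results


# Constructed samples: two ordinary identifiers and three traversal forms.
SAMPLES = ["en_US", "sr_Latn_RS", "../../tmp/other", "/tmp/other", "en_US/../../x"]

if __name__ == "__main__":
    for ident, ok in check_identifiers(SAMPLES).items():
        print("%-20r %s" % (ident, "accepted" if ok else "rejected"))
```

A guard like this complements the package upgrade; it does not replace it, since any code path that passes request-derived locale names to the unpatched library remains exposed.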

For Debian 9 stretch, this problem has been fixed in version 2.3.4+dfsg.1-2+deb9u1.

We recommend that you upgrade your python-babel packages.

For the detailed security status of python-babel please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-babel

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS