[SECURITY] [DLA 2861-1] rdflib security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2861-1] rdflib security update
From: Adrian Bunk <bunk@debian.org>
Date: Tue, 28 Dec 2021 15:20:41 +0200
Message-id: <[🔎] 20211228132041.GA22476@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2861-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 28, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : rdflib
Version        : 4.2.1-2+deb9u1
CVE ID         : CVE-2019-7653
Debian Bug     : 921751

The python-rdflib-tools package (tools for converting to and from RDF) 
had wrappers that could load Python modules from the current working 
directory, allowing code injection.

For Debian 9 stretch, this problem has been fixed in version
4.2.1-2+deb9u1.

We recommend that you upgrade your rdflib packages.

For the detailed security status of rdflib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rdflib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmHLDykACgkQiNJCh6LY
mLF50g//TKenyICoR8VH6nTWHsY5rg1p21HXNEmQ+CpleWPPbgY1yATUj4UQmj2K
jOOVZ/dyzFJ6CcAx8ocHEOcIa67KHIMLWqogDMJ33kMJdUDGmPi79sZBGI7ZL94T
g09uGPdOxpIhv8lijpdKiIx0JxCUYUilm+V2IKliJEjlBo7ZS452FM7ynIEWO6Fo
hJHvKtJhrvBtPHFDuYS2x/toOyavJI1mKlsRq2518v06ii29a0cWuM3zyAr5yHs6
Xhv9VPZOXOoRvbXm34RJdAxvMlQ5aJ1LeU7sJhJLaBHhGYnJZ82S9D1GefKdu49u
BIdn1SKFonap9n+CJyytpiKL/CE8McpmmPjQaQyAu756g7YK35oPwJ3OfCheyDbS
7qEECoNbu5/M6amCiZjyXdBSD+AYTbhzI42dTmMHfJcBmt/+7lGyI2GUBH9aLAGp
ZgJ6jsoluD3Aj4lMAyBNZHSoU+xb6fmohChMoateJiVaaDc27duI+d6weZfqWrzq
vZseHwXPPvhauH/MRnRe7wKMnEU5jIBQK/hQGbX6dH9lhkB+94qLNi8HFc43s52I
3942nnjQHt7afLlXRPHL58GPN+Hx+TvWZyMikewkdYKcbhn4jAglwP/1QFpeLIda
d0XNsYutfovs74QP9jb01pWouasqDMGKD0jYzAM8yp1eDZL07Yg=
=r7t7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2860-1] paramiko security update
Next by Date: [SECURITY] [DLA 2862-1] python-gnupg security update
Previous by thread: [SECURITY] [DLA 2860-1] paramiko security update
Next by thread: [SECURITY] [DLA 2862-1] python-gnupg security update
Index(es):
- Date
- Thread