[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2950-1] python-scrapy security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2950-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
March 16, 2022                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : python-scrapy
Version        : 1.0.3-2+deb9u1
CVE ID         : CVE-2021-41125 CVE-2022-0577

It was found that Scrapy, a framework for extracting data from websites,
could send HTTP Authorization as well as cookies to other domains in case
of redirections, possibly leaking user credentials.

For Debian 9 stretch, these problems have been fixed in version
1.0.3-2+deb9u1.

We recommend that you upgrade your python-scrapy packages.

For the detailed security status of python-scrapy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-scrapy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmIx0I8ACgkQnUbEiOQ2
gwKNvw/+MniywnqwPiX+P/pT2FQ9wzPEd/ECTGqOVw237jR+Iz9kWX3qecnTyQrx
VwoK5AYvjX0u5kDuw8mLD1iVP7JGWtF+HGnsSJEVlQhvPSMUsOp2kZoB4+lI5UyV
j7xZgl1uuRddjuc9o370nJIoWWep4DVrd64Ssa5eAeTspTeNC4Vmo0BIHIcE1Now
2jGJ+g/mk+KzqckY8GJyYujVLaTeYpcLC7QzaF1uw2N1qtT+i67m6BRJ+fJprO9s
pRerH5ltqXiQ5lTHOUNPTY4E/zxpUnwwvEaF9PLIWwpMGH0wGPDkQKkbrrC3njtq
E6v9QxptB/Wt/fbiITNbCTJ6xIhcef9FVfyqvlM7M8RtWrX/F/94hLVFXHGJDPnB
LTxmYKia9x6o7yZ3mg1DJbrpZgrYszhVIwZ/1h4kJYHrQQEp6PhH7ANFuvXoRdeX
29JOPoVc+T7NV5VD0XsGT7ShYwzG6NDFiLlui5aA8DdDY/62tEbjaxrZbW728wkw
a/TwFBOJVHz4Gm0xg14iiNrHAX0n0nQrzB9BbjLnX2EYEfPWokXg2tx3l6xih5F6
UMr8Coukzwt67ZUcnVAFvZTMqyT91tpwbYRJF981vY9pOtJR9VEOHiUPpRm2p52P
/8STCNQaTe1BbXQczQjibDTv86xgwXfit9Nf1cywaorij0tDQ1o=
=u+85
-----END PGP SIGNATURE-----


Reply to: