[SECURITY] [DLA 2950-1] python-scrapy security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2950-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
March 16, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : python-scrapy
Version : 1.0.3-2+deb9u1
CVE ID : CVE-2021-41125 CVE-2022-0577
It was found that Scrapy, a framework for extracting data from websites,
could send HTTP Authorization as well as cookies to other domains in case
of redirections, possibly leaking user credentials.
For Debian 9 stretch, these problems have been fixed in version
1.0.3-2+deb9u1.
We recommend that you upgrade your python-scrapy packages.
For the detailed security status of python-scrapy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-scrapy
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmIx0I8ACgkQnUbEiOQ2
gwKNvw/+MniywnqwPiX+P/pT2FQ9wzPEd/ECTGqOVw237jR+Iz9kWX3qecnTyQrx
VwoK5AYvjX0u5kDuw8mLD1iVP7JGWtF+HGnsSJEVlQhvPSMUsOp2kZoB4+lI5UyV
j7xZgl1uuRddjuc9o370nJIoWWep4DVrd64Ssa5eAeTspTeNC4Vmo0BIHIcE1Now
2jGJ+g/mk+KzqckY8GJyYujVLaTeYpcLC7QzaF1uw2N1qtT+i67m6BRJ+fJprO9s
pRerH5ltqXiQ5lTHOUNPTY4E/zxpUnwwvEaF9PLIWwpMGH0wGPDkQKkbrrC3njtq
E6v9QxptB/Wt/fbiITNbCTJ6xIhcef9FVfyqvlM7M8RtWrX/F/94hLVFXHGJDPnB
LTxmYKia9x6o7yZ3mg1DJbrpZgrYszhVIwZ/1h4kJYHrQQEp6PhH7ANFuvXoRdeX
29JOPoVc+T7NV5VD0XsGT7ShYwzG6NDFiLlui5aA8DdDY/62tEbjaxrZbW728wkw
a/TwFBOJVHz4Gm0xg14iiNrHAX0n0nQrzB9BbjLnX2EYEfPWokXg2tx3l6xih5F6
UMr8Coukzwt67ZUcnVAFvZTMqyT91tpwbYRJF981vY9pOtJR9VEOHiUPpRm2p52P
/8STCNQaTe1BbXQczQjibDTv86xgwXfit9Nf1cywaorij0tDQ1o=
=u+85
-----END PGP SIGNATURE-----
Reply to: