[SECURITY] [DLA 3116-1] mako security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3116-1] mako security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Wed, 21 Sep 2022 18:05:39 +0200 (CEST)
Message-id: <[🔎] 20220921160539.6EC682A040E@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3116-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
September 21, 2022                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : mako
Version        : 1.0.7+ds1-1+deb10u1
CVE ID         : CVE-2022-40023

It was found that Mako, a Python template library, was vulnerable to a
denial of service attack via crafted regular expressions.

For Debian 10 buster, this problem has been fixed in version
1.0.7+ds1-1+deb10u1.

We recommend that you upgrade your mako packages.

For the detailed security status of mako please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mako

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmMrNlMACgkQnUbEiOQ2
gwIrMQ/9HoqyNwsyB3j7ssa4aga0Z+L8AIlLTY80W72CxvyDA+R/hRJN6xNQtR9O
SFgM1RaDJGyLTOl5jueRHamTjCtxOfW8X9bmP3/ZIBFVmB1pawDbqhIaBLMYpqBd
+x7y0QVOroEDnqoMnB7enIstTBXplJR3F6+/urL1skmsfZBMRUUl7dQsNDm1MWlo
/YtQRMn3ghfh0DkmiiDkL1PCabz7w49PBzAqSGB64P5zfTUWB+wuCEmbf42ENNmV
0V92NvUHjY1JuDqEbSoGbCUCk2kcIOAIW5FoF0XtzK+fRJcswPHRwRX7dNLOLDPY
BRuYlqGB9FTH3vIDVKcvn0NU58dHfzOkvWIQz14CFRKtqZgJNf2Lw3FIzdYyhnVE
uPU9rfk0QJno0orI6Gfktg34/IfYR0l0Mx2mP4VsNE9Qt0/sEXQWZOdD6yQ3ENig
qBAf3+cBDyfgecPJhTHKb8p6BYI7RWeTbj0trDIJJfb/f96YgcYrq4Nv9ishU8FB
GnheHzVqOgOM+Ej+xiHZpMBrHDYRUBvVorGIsjJZnKc1IW/Yt7W1oLsKDa7jLcx0
kRLzvEB8OvMkHBscESD+ZylYP1HHOJYi0OfwKhsnb3GU/2KQib7T30ZRxYQvDqBz
FIgU9AHItDkP9Ly37Ui8tDtZ7/iVhm1h31c/Gm2XnOddaFmkExw=
=bkZq
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3115-1] e17 security update
Next by Date: [SECURITY] [DLA 3117-1] mediawiki security update
Previous by thread: [SECURITY] [DLA 3115-1] e17 security update
Next by thread: [SECURITY] [DLA 3117-1] mediawiki security update
Index(es):
- Date
- Thread