Security Information / 2011 / Security Information -- DSA-2355-1 clearsilver

Debian Security Advisory

DSA-2355-1 clearsilver -- format string vulnerability

Date Reported:

30 Nov 2011

Affected Packages:

clearsilver

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-4357.

More information:

Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 0.10.4-1.3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in version 0.10.5-1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your clearsilver packages.