Debian Security Advisory
DSA-2355-1 clearsilver -- format string vulnerability
- Date Reported:
- 30 Nov 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2011-4357.
- More information:
Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in version 0.10.4-1.3+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 0.10.5-1+squeeze1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your clearsilver packages.