Debian Security Advisory

DSA-5426-1 owslib -- security update

Date Reported:
14 Jun 2023
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 1034182.
In Mitre's CVE dictionary: CVE-2023-27476.
More information:

An arbitrary file reads from malformed XML payload vulnerbility was discovered in owslib, the Python client library for Open Geospatial (OGC) web services. This issue has been addressed by always using lxml as the XML parser with entity resolution disabled.

For the oldstable distribution (bullseye), this problem has been fixed in version 0.23.0-1+deb11u1.

We recommend that you upgrade your owslib packages.

For the detailed security status of owslib please refer to its security tracker page at: