[SECURITY] [DLA 2112-1] python-reportlab security update

2020-02-2015:36:33

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.051 Low

EPSS

Percentile

93.0%

JSON

Package : python-reportlab
Version : 3.1.8-3+deb8u2
CVE ID : CVE-2019-17626
Debian Bug : 942763

It was found that ReportLab, a Python library to create PDF documents,
did not properly parse color strings, allowing an attacker to execute
arbitrary code through a crafted input document.

For Debian 8 "Jessie", this problem has been fixed in version
3.1.8-3+deb8u2.

We recommend that you upgrade your python-reportlab packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10arm64python-renderpm-dbg< 3.5.13-1+deb10u1python-renderpm-dbg_3.5.13-1+deb10u1_arm64.deb
Debian9amd64python3-reportlab-accel< 3.3.0-2+deb9u1python3-reportlab-accel_3.3.0-2+deb9u1_amd64.deb
Debian10armelpython-renderpm< 3.5.13-1+deb10u1python-renderpm_3.5.13-1+deb10u1_armel.deb
Debian8amd64python3-renderpm< 3.1.8-3+deb8u2python3-renderpm_3.1.8-3+deb8u2_amd64.deb
Debian10mipspython-reportlab-accel< 3.5.13-1+deb10u1python-reportlab-accel_3.5.13-1+deb10u1_mips.deb
Debian10mipspython-reportlab-accel-dbg< 3.5.13-1+deb10u1python-reportlab-accel-dbg_3.5.13-1+deb10u1_mips.deb
Debian8armelpython-renderpm-dbg< 3.1.8-3+deb8u2python-renderpm-dbg_3.1.8-3+deb8u2_armel.deb
Debian10ppc64elpython-renderpm-dbg< 3.5.13-1+deb10u1python-renderpm-dbg_3.5.13-1+deb10u1_ppc64el.deb
Debian10i386python-reportlab-accel-dbg< 3.5.13-1+deb10u1python-reportlab-accel-dbg_3.5.13-1+deb10u1_i386.deb
Debian10i386python-reportlab-accel< 3.5.13-1+deb10u1python-reportlab-accel_3.5.13-1+deb10u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	arm64	python-renderpm-dbg	< 3.5.13-1+deb10u1	python-renderpm-dbg_3.5.13-1+deb10u1_arm64.deb
Debian	9	amd64	python3-reportlab-accel	< 3.3.0-2+deb9u1	python3-reportlab-accel_3.3.0-2+deb9u1_amd64.deb
Debian	10	armel	python-renderpm	< 3.5.13-1+deb10u1	python-renderpm_3.5.13-1+deb10u1_armel.deb
Debian	8	amd64	python3-renderpm	< 3.1.8-3+deb8u2	python3-renderpm_3.1.8-3+deb8u2_amd64.deb
Debian	10	mips	python-reportlab-accel	< 3.5.13-1+deb10u1	python-reportlab-accel_3.5.13-1+deb10u1_mips.deb
Debian	10	mips	python-reportlab-accel-dbg	< 3.5.13-1+deb10u1	python-reportlab-accel-dbg_3.5.13-1+deb10u1_mips.deb
Debian	8	armel	python-renderpm-dbg	< 3.1.8-3+deb8u2	python-renderpm-dbg_3.1.8-3+deb8u2_armel.deb
Debian	10	ppc64el	python-renderpm-dbg	< 3.5.13-1+deb10u1	python-renderpm-dbg_3.5.13-1+deb10u1_ppc64el.deb
Debian	10	i386	python-reportlab-accel-dbg	< 3.5.13-1+deb10u1	python-reportlab-accel-dbg_3.5.13-1+deb10u1_i386.deb
Debian	10	i386	python-reportlab-accel	< 3.5.13-1+deb10u1	python-reportlab-accel_3.5.13-1+deb10u1_i386.deb