[SECURITY] [DSA 2355-1] clearsilver security update

2011-11-3021:28:52

lists.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.093 Low

EPSS

Percentile

94.6%

JSON

Debian Security Advisory DSA-2355-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
November 30, 2011 http://www.debian.org/security/faq

Package : clearsilver
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-4357

Leo Iannacone and Colin Watson discovered a format string vulnerability
in the Python bindings for the Clearsilver HTML template system, which
may lead to denial of service or the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in
version 0.10.4-1.3+lenny1.

For the stable distribution (squeeze), this problem has been fixed in
version 0.10.5-1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your clearsilver packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6mipslibclearsilver-perl< 0.10.5-1+squeeze1libclearsilver-perl_0.10.5-1+squeeze1_mips.deb
Debian6amd64clearsilver-dev< 0.10.5-1+squeeze1clearsilver-dev_0.10.5-1+squeeze1_amd64.deb
Debian6ia64libclearsilver-perl< 0.10.5-1+squeeze1libclearsilver-perl_0.10.5-1+squeeze1_ia64.deb
Debian5mipsclearsilver-dev< 0.10.4-1.3+lenny1clearsilver-dev_0.10.4-1.3+lenny1_mips.deb
Debian5mipselclearsilver-dev< 0.10.4-1.3+lenny1clearsilver-dev_0.10.4-1.3+lenny1_mipsel.deb
Debian6kfreebsd-i386libclearsilver-perl< 0.10.5-1+squeeze1libclearsilver-perl_0.10.5-1+squeeze1_kfreebsd-i386.deb
Debian6i386python-clearsilver< 0.10.5-1+squeeze1python-clearsilver_0.10.5-1+squeeze1_i386.deb
Debian5sparclibclearsilver-perl< 0.10.4-1.3+lenny1libclearsilver-perl_0.10.4-1.3+lenny1_sparc.deb
Debian6kfreebsd-i386python-clearsilver< 0.10.5-1+squeeze1python-clearsilver_0.10.5-1+squeeze1_kfreebsd-i386.deb
Debian5sparcclearsilver-dev< 0.10.4-1.3+lenny1clearsilver-dev_0.10.4-1.3+lenny1_sparc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	mips	libclearsilver-perl	< 0.10.5-1+squeeze1	libclearsilver-perl_0.10.5-1+squeeze1_mips.deb
Debian	6	amd64	clearsilver-dev	< 0.10.5-1+squeeze1	clearsilver-dev_0.10.5-1+squeeze1_amd64.deb
Debian	6	ia64	libclearsilver-perl	< 0.10.5-1+squeeze1	libclearsilver-perl_0.10.5-1+squeeze1_ia64.deb
Debian	5	mips	clearsilver-dev	< 0.10.4-1.3+lenny1	clearsilver-dev_0.10.4-1.3+lenny1_mips.deb
Debian	5	mipsel	clearsilver-dev	< 0.10.4-1.3+lenny1	clearsilver-dev_0.10.4-1.3+lenny1_mipsel.deb
Debian	6	kfreebsd-i386	libclearsilver-perl	< 0.10.5-1+squeeze1	libclearsilver-perl_0.10.5-1+squeeze1_kfreebsd-i386.deb
Debian	6	i386	python-clearsilver	< 0.10.5-1+squeeze1	python-clearsilver_0.10.5-1+squeeze1_i386.deb
Debian	5	sparc	libclearsilver-perl	< 0.10.4-1.3+lenny1	libclearsilver-perl_0.10.4-1.3+lenny1_sparc.deb
Debian	6	kfreebsd-i386	python-clearsilver	< 0.10.5-1+squeeze1	python-clearsilver_0.10.5-1+squeeze1_kfreebsd-i386.deb
Debian	5	sparc	clearsilver-dev	< 0.10.4-1.3+lenny1	clearsilver-dev_0.10.4-1.3+lenny1_sparc.deb