Lucene search

DebianDEBIAN:DSA-3445-1:C8E1B

HistoryJan 13, 2016 - 10:13 p.m.

[SECURITY] [DSA 3445-1] pygments security update

2016-01-1322:13:38

lists.debian.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.015

Percentile

86.8%

JSON

Debian Security Advisory DSA-3445-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2016 https://www.debian.org/security/faq

Package : pygments
CVE ID : CVE-2015-8557
Debian Bug : 802828

Javantea discovered that pygments, a generic syntax highlighter, is
prone to a shell injection vulnerability allowing a remote attacker to
execute arbitrary code via shell metacharacters in a font name.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.5+dfsg-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 2.0.1+dfsg-1.1+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 2.0.1+dfsg-2.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.1+dfsg-2.

We recommend that you upgrade your pygments packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6allpython-pygments< 1.3.1+dfsg-1+deb6u11python-pygments_1.3.1+dfsg-1+deb6u11_all.deb
Debian6allpygments< 1.3.1+dfsg-1+deb6u11pygments_1.3.1+dfsg-1+deb6u11_all.deb
Debian8allpython3-pygments< 2.0.1+dfsg-1.1+deb8u1python3-pygments_2.0.1+dfsg-1.1+deb8u1_all.deb
Debian7allpython-pygments< 1.5+dfsg-1+deb7u1python-pygments_1.5+dfsg-1+deb7u1_all.deb
Debian7allpygments< 1.5+dfsg-1+deb7u1pygments_1.5+dfsg-1+deb7u1_all.deb
Debian8allpython-pygments-doc< 2.0.1+dfsg-1.1+deb8u1python-pygments-doc_2.0.1+dfsg-1.1+deb8u1_all.deb
Debian8allpython-pygments< 2.0.1+dfsg-1.1+deb8u1python-pygments_2.0.1+dfsg-1.1+deb8u1_all.deb
Debian8allpygments< 2.0.1+dfsg-1.1+deb8u1pygments_2.0.1+dfsg-1.1+deb8u1_all.deb
Debian7allpython3-pygments< 1.5+dfsg-1+deb7u1python3-pygments_1.5+dfsg-1+deb7u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	all	python-pygments	< 1.3.1+dfsg-1+deb6u11	python-pygments_1.3.1+dfsg-1+deb6u11_all.deb
Debian	6	all	pygments	< 1.3.1+dfsg-1+deb6u11	pygments_1.3.1+dfsg-1+deb6u11_all.deb
Debian	8	all	python3-pygments	< 2.0.1+dfsg-1.1+deb8u1	python3-pygments_2.0.1+dfsg-1.1+deb8u1_all.deb
Debian	7	all	python-pygments	< 1.5+dfsg-1+deb7u1	python-pygments_1.5+dfsg-1+deb7u1_all.deb
Debian	7	all	pygments	< 1.5+dfsg-1+deb7u1	pygments_1.5+dfsg-1+deb7u1_all.deb
Debian	8	all	python-pygments-doc	< 2.0.1+dfsg-1.1+deb8u1	python-pygments-doc_2.0.1+dfsg-1.1+deb8u1_all.deb
Debian	8	all	python-pygments	< 2.0.1+dfsg-1.1+deb8u1	python-pygments_2.0.1+dfsg-1.1+deb8u1_all.deb
Debian	8	all	pygments	< 2.0.1+dfsg-1.1+deb8u1	pygments_2.0.1+dfsg-1.1+deb8u1_all.deb
Debian	7	all	python3-pygments	< 1.5+dfsg-1+deb7u1	python3-pygments_1.5+dfsg-1+deb7u1_all.deb