Lucene search

K
debianDebianDEBIAN:DSA-5652-1:7B76C
HistoryApr 02, 2024 - 6:01 p.m.

[SECURITY] [DSA 5652-1] py7zr security update

2024-04-0218:01:49
lists.debian.org
8
directory traversal
vulnerability
py7zr
debian security advisory
fixed
package upgrade

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%


Debian Security Advisory DSA-5652-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
April 02, 2024 https://www.debian.org/security/faq


Package : py7zr
CVE ID : CVE-2022-44900

A directory traversal vulnerability was discovered in py7zr, a library
and command-line utility to process 7zip archives.

For the oldstable distribution (bullseye), this problem has been fixed
in version 0.11.3+dfsg-1+deb11u1.

We recommend that you upgrade your py7zr packages.

For the detailed security status of py7zr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/py7zr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

5.8 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%