Debian 9858 Published by

The following Python updates has been released for Debian GNU/Linux 7 LTS:

DLA 1189-1: python2.7 security update
DLA 1190-1: python2.6 security update
DLA 1191-1: python-werkzeug security update



DLA 1189-1: python2.7 security update

Package : python2.7
Version : 2.7.3-6+deb7u4
CVE ID : CVE-2017-1000158


A minor security vulnerability has been discovered in Python 2.7, an
interactive high-level object-oriented language.

CVE-2017-1000158

CPython (the reference implementation of Python also commonly known
as simply Python) versions 2.6 and 2.7 are vulnerable to an integer
overflow and heap corruption, leading to possible arbitrary code
execution. The nature of the error has to do with improper handling
of large strings with escaped characters.

For Debian 7 "Wheezy", these problems have been fixed in version
2.7.3-6+deb7u4.

We recommend that you upgrade your python2.7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1190-1: python2.6 security update

Package : python2.6
Version : 2.6.8-1.1+deb7u1
CVE ID : CVE-2017-1000158


A minor security vulnerability has been discovered in Python 2.7, an
interactive high-level object-oriented language.

CVE-2017-1000158

CPython (the reference implementation of Python also commonly known
as simply Python) versions 2.6 and 2.7 are vulnerable to an integer
overflow and heap corruption, leading to possible arbitrary code
execution. The nature of the error has to do with improper handling
of large strings with escaped characters.

For Debian 7 "Wheezy", these problems have been fixed in version
2.6.8-1.1+deb7u1.

We recommend that you upgrade your python2.6 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1191-1: python-werkzeug security update




Package : python-werkzeug
Version : 0.8.3+dfsg-1+deb7u1
CVE ID : CVE-2016-10516


A security issue that allows XSS on the Werkzeug debugger allows
remote attackers to inject arbitrary stuff via a field that
contains an exception message.


For Debian 7 "Wheezy", these problems have been fixed in version
0.8.3+dfsg-1+deb7u1.

We recommend that you upgrade your python-werkzeug packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS