Format: 1.8
Date: Fri, 29 Sep 2023 18:13:41 +0200
Source: python-reportlab
Architecture: source
Version: 3.5.13-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 python-reportlab (3.5.13-1+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2019-19450: code injection in paraparser.py allows code execution.
   * Fix CVE-2020-28463: Server-side Request Forgery (SSRF) via <img> tags.
     New settings ‘trustedHosts’ and ‘trustedSchemes’ are added to explicitly
     define an allowlist.
Checksums-Sha1:
 a55f97584a063ffd1ce42d1a59007727ce542cbd 2853 python-reportlab_3.5.13-1+deb10u2.dsc
 ba62ac2907911bf930d829230e5cd2f725deeed5 18524 python-reportlab_3.5.13-1+deb10u2.debian.tar.xz
 30c3d6fcf0e94f0a382258118cb777656d51ad9e 12475 python-reportlab_3.5.13-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 54d49616d4d1d7fb5f81468311cbe99c7d37c13215918219cc0f94f536f3f0f2 2853 python-reportlab_3.5.13-1+deb10u2.dsc
 f9fddf37278705d28dc4f465dd2dc73bd18727ed03bd3aa5f2b8d069247e05f8 18524 python-reportlab_3.5.13-1+deb10u2.debian.tar.xz
 7b42f22139799f551a9cf20fbf24bebf6c86fb3c13f10d829770c110511a1629 12475 python-reportlab_3.5.13-1+deb10u2_amd64.buildinfo
Files:
 425a21500a820ef5ccaa08d723924d47 2853 python optional python-reportlab_3.5.13-1+deb10u2.dsc
 000f893280b671ee2fdbcc6ad8d34a99 18524 python optional python-reportlab_3.5.13-1+deb10u2.debian.tar.xz
 8b35c0c4755324456643e27831374471 12475 python optional python-reportlab_3.5.13-1+deb10u2_amd64.buildinfo