Originally uploaded to
debian sid in
Primary Archive for Debian GNU/Linux
Changelog
python-babel (2.8.0+dfsg.1-7) unstable; urgency=medium
* CVE-2021-20095: Relative Path Traversal in Babel 2.9.0 allows an attacker
to load arbitrary locale files on disk and execute arbitrary code. Applied
upstream patch: Run locale identifiers through `os.path.basename()`.
(Closes: #987824).
-- Thomas Goirand <email address hidden> Sat, 01 May 2021 17:13:14 +0200