| Package | python-babel |
|---|---|
| Version | 1.3+dfsg.1-5+deb8u1 (jessie) |
| Related CVEs | CVE-2021-42771 |
An arbitrary code execution vulnerability was discovered in python-babel, a
library for internationalizing Python applications.
Attackers could load arbitrary locale .data files (containing serialized
Python objects) via a directory traversal attack, leading to code execution.
For Debian 8 jessie, these problems have been fixed in version 1.3+dfsg.1-5+deb8u1.
We recommend that you upgrade your python-babel packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.