Lucene search

DebianDEBIAN:DLA-3048-1:41FF7

HistoryJun 08, 2022 - 7:42 p.m.

[SECURITY] [DLA 3048-1] python-bottle security update

2022-06-0819:42:49

lists.debian.org

debian lts

python-bottle

security update

cve-2022-31799

mishandling errors

debian 9 stretch

wsgi micro web-framework

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.014

Percentile

86.6%

JSON

Debian LTS Advisory DLA-3048-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
June 09, 2022 https://wiki.debian.org/LTS

Package : python-bottle
Version : 0.12.13-1+deb9u2
CVE ID : CVE-2022-31799

Bottle, which is a fast, simple and lightweight WSGI micro
web-framework for Pytho, mishandles errors during early request
binding.

For Debian 9 stretch, this problem has been fixed in version
0.12.13-1+deb9u2.

We recommend that you upgrade your python-bottle packages.

For the detailed security status of python-bottle please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-bottle

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9allpython-bottle< 0.12.13-1+deb9u2python-bottle_0.12.13-1+deb9u2_all.deb
Debian10allpython-bottle< 0.12.15-2+deb10u2python-bottle_0.12.15-2+deb10u2_all.deb
Debian10allpython3-bottle< 0.12.15-2+deb10u2python3-bottle_0.12.15-2+deb10u2_all.deb
Debian9allpython-bottle-doc< 0.12.13-1+deb9u2python-bottle-doc_0.12.13-1+deb9u2_all.deb
Debian11allpython-bottle-doc< 0.12.19-1+deb11u1python-bottle-doc_0.12.19-1+deb11u1_all.deb
Debian11allpython-bottle< 0.12.19-1+deb11u1python-bottle_0.12.19-1+deb11u1_all.deb
Debian11allpython3-bottle< 0.12.19-1+deb11u1python3-bottle_0.12.19-1+deb11u1_all.deb
Debian10allpython-bottle-doc< 0.12.15-2+deb10u2python-bottle-doc_0.12.15-2+deb10u2_all.deb
Debian9allpython3-bottle< 0.12.13-1+deb9u2python3-bottle_0.12.13-1+deb9u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	python-bottle	< 0.12.13-1+deb9u2	python-bottle_0.12.13-1+deb9u2_all.deb
Debian	10	all	python-bottle	< 0.12.15-2+deb10u2	python-bottle_0.12.15-2+deb10u2_all.deb
Debian	10	all	python3-bottle	< 0.12.15-2+deb10u2	python3-bottle_0.12.15-2+deb10u2_all.deb
Debian	9	all	python-bottle-doc	< 0.12.13-1+deb9u2	python-bottle-doc_0.12.13-1+deb9u2_all.deb
Debian	11	all	python-bottle-doc	< 0.12.19-1+deb11u1	python-bottle-doc_0.12.19-1+deb11u1_all.deb
Debian	11	all	python-bottle	< 0.12.19-1+deb11u1	python-bottle_0.12.19-1+deb11u1_all.deb
Debian	11	all	python3-bottle	< 0.12.19-1+deb11u1	python3-bottle_0.12.19-1+deb11u1_all.deb
Debian	10	all	python-bottle-doc	< 0.12.15-2+deb10u2	python-bottle-doc_0.12.15-2+deb10u2_all.deb
Debian	9	all	python3-bottle	< 0.12.13-1+deb9u2	python3-bottle_0.12.13-1+deb9u2_all.deb