
Bug 786954 (CVE-2021-20095)

Summary: <dev-python/Babel-2.9.1: Arbitrary locale loading weakness (CVE-2021-20095)
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: normal
CC: ago, mgorny, python
Priority: Normal
Flags: nattka: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa?]
Package list:
dev-python/Babel-2.9.1
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-04-29 19:06:11 UTC
Description:
"Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code."

Disclosure: https://www.tenable.com/security/research/tra-2021-14
Comment 1 Agostino Sarubbo gentoo-dev 2021-04-30 15:24:25 UTC
ALLARCHES stable. Closing.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-04-30 19:49:35 UTC
Please cleanup

(In reply to Agostino Sarubbo from comment #1)
> ALLARCHES stable. Closing.

It’s a security bug! ;)
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-04-30 20:24:28 UTC
Already done.