Security News

Cybersecurity news aggregator

🐧
LOW Updates Debian Security

DSA-6220-1 simpleeval - security update

cve-2026-32640debianpython
  • What: Security update for simpleeval library
  • Impact: Addresses a module reference restriction flaw in Python
Read Full Article →

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6220-1] simpleeval security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6220-1] simpleeval security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Mon, 20 Apr 2026 19:04:42 +0000 Message-id: <[🔎] aeZ4yhyghZ3cS-ia@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6220-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : simpleeval CVE ID : CVE-2026-32640 Byambadalai Sumiya discovered that SimpleEval, a library for adding evaluatable expressions into Python projects, didn't fully restrict some module references, resulting in sandbox bypass. For the oldstable distribution (bookworm), this problem has been fixed in version 0.9.12-1+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 1.0.3-1+deb13u1. We recommend that you upgrade your simpleeval packages. For the detailed security status of simpleeval please refer to its security tracker page at: https://security-tracker.debian.org/tracker/simpleeval Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnmeDAACgkQEMKTtsN8 TjaQhA//QFnufiBLWtnT5l5ve0elOY0QZBU0lujETDtQjWcAWC/ei4qM4f4Ox/ZP 6ANm+IrvpobIHFNotUNEXe15RSN3LFVXQnDqzjPbVDKtPFZCu+MB8peEqxMTFdm/ WmiI5UE1CbtQgEDwiX5GcETZxZR0QDy5SMkjQFCfCidEYhfqYNO1RntX7CtihPcw b+jI9mifh3k7LXyTqY7JgGsekDaGu+hb06HoUYDqqNv9L2nCKwefqwM1Ogu4g7mW 10G79EARcVyYsDlWE5eTQCgB5pevkHUEZPy+HsNDGuhc3BVcpLj/+Y1nOZsCZl5s eWeUoql2llUgzC5xr4Z4kdFz4GkkvqSivAnd+jSoylVxzS9Yhi1Fegczwy/SWVGw Ibdce8IhEYHsNnuH9tflyubPA9zTKOISzq2U+b1WQPhU3TCNnS53He5Q9gDMPADP YtLKN8NoPiXLQexOXxQOtcjBeX29vPGUGS7JSibWhh56r8AdHulENNp710CVyC5x e/XFIbC2gvIhCfduLN8DB4RtTSxrSabN8oHDWz3ZwsUUgC1qc0/zz3atjJeymDp9 zdfA1NiCow4LfJeOehiXdWZNLQ0rTSNIWB4eiPAwGcENfMtO2Ln6El5Cz5JO1YCV 2s91Xwx6nHMjF92kQkb4haMMfiEePZcOTi2SuHZYFkppythiVnU= =+lxi -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6219-1] pillow security update Previous by thread: [SECURITY] [DSA 6219-1] pillow security update Index(es): Date Thread

Related Articles

HIGH USN-8301-1: SimpleEval vulnerability Ubuntu Security MEDIUM DSA-6104-1 python-keystonemiddleware - security update Debian Security MEDIUM DSA-6102-2 python-urllib3 - regression update Debian Security MEDIUM DSA-6136-1 python-django - security update Debian Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn