ELA-940-1 flask security update

denial-of-service

2023-08-29
Package: flask
Version: 0.12.1-1+deb9u1 (stretch)
Related CVEs: CVE-2018-1000656 CVE-2019-1010083


Flask, a micro web framework for the Python programming language, contains an improper input validation vulnerability (CWE-20) that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable through crafted JSON data in an incorrect encoding. NOTE: this may overlap CVE-2019-1010083.
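The following is an added example, not code from Flask or from the Debian patch: a defensive sketch that caps the size of an untrusted JSON body and accepts only UTF-8, UTF-16 or UTF-32, chosen from the leading bytes as RFC 4627 section 3 describes. The names `detect_json_encoding`, `load_json_body` and the 1 MiB limit are assumptions made for this example.

```python
import codecs
import json

MAX_BODY_BYTES = 1 << 20  # assumed cap for this example (1 MiB)


def detect_json_encoding(data: bytes) -> str:
    """Choose UTF-8/16/32 from a BOM or the null-byte pattern (RFC 4627, sec. 3)."""
    head = data[:4]
    if head[:3] == codecs.BOM_UTF8:
        return "utf-8-sig"
    # UTF-32 BOMs first: the UTF-32-LE BOM begins with the UTF-16-LE BOM.
    if head in (codecs.BOM_UTF32_BE, codecs.BOM_UTF32_LE):
        return "utf-32"
    if head[:2] in (codecs.BOM_UTF16_BE, codecs.BOM_UTF16_LE):
        return "utf-16"
    if len(head) == 4:
        # JSON text starts with ASCII, so null bytes reveal the code unit size.
        if head[:3] == b"\x00\x00\x00":
            return "utf-32-be"
        if head[1:] == b"\x00\x00\x00":
            return "utf-32-le"
        if head[0] == 0 and head[2] == 0:
            return "utf-16-be"
        if head[1] == 0 and head[3] == 0:
            return "utf-16-le"
    return "utf-8"


def load_json_body(data: bytes, max_bytes: int = MAX_BODY_BYTES):
    """Parse an untrusted JSON body; raise ValueError for anything unacceptable."""
    if len(data) > max_bytes:
        raise ValueError("request body exceeds size limit")
    try:
        text = data.decode(detect_json_encoding(data))
    except UnicodeDecodeError as exc:
        raise ValueError("body is not UTF-8, UTF-16 or UTF-32 text") from exc
    return json.loads(text)  # JSONDecodeError is a ValueError subclass


if __name__ == "__main__":
    doc = '{"user": "alice"}'  # constructed sample input
    for enc in ("utf-8", "utf-16-le", "utf-16", "utf-32-be"):
        print(enc, load_json_body(doc.encode(enc)))
    try:
        load_json_body('{"user": "\u00e9"}'.encode("latin-1"))
    except ValueError as err:
        print("rejected:", err)
```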



For Debian 9 stretch, these problems have been fixed in version 0.12.1-1+deb9u1.

We recommend that you upgrade your flask packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.