Akira Shibakawa <arabishi900@gmail.com> writes: > CVE-2019-5815 and CVE-2021-30560 are vulnerabilities of libxslt > included in chromium source code as third-party code. > And not only chromium but also libxslt upstream has already fixed them. > https://gitlab.gnome.org/GNOME/libxslt/-/commit/08b62c258 > https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3 > > Because libxslt in debian buster is older than the fixed version in > upstream, these bugs are still present in debian buster. > Is there any plans to fix them in debian buster ? > (I am wonder why these CVEs are linked to only chromium, not libxslt.) Since security support for buster will expire in a few days, I suggest following up with the LTS team. More information is available at https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature