[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2467-1] lxml security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2467-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
November 26, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : lxml
Version        : 3.7.1-1+deb9u1
CVE ID         : CVE-2018-19787 CVE-2020-27783


CVE-2018-19787

    It was discovered that there was a XSS injection vulnerability in
    the LXML HTML/XSS manipulation library for Python.

CVE-2020-27783

    javascript escaping through the <noscript> and <style> combinations.

For Debian 9 stretch, these problems have been fixed in version
3.7.1-1+deb9u1.

We recommend that you upgrade your lxml packages.

For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl+/9NUACgkQhj1N8u2c
KO8xQQ//dBbIeCJNy5E0N+/TDHsY6K95BoQVtPniSuaN4TVxd8lNOXtXOhfBsdGo
GelsKU0IPNuyE8+Al7n6qm5Dw4miahBdgCnahp/ZnR4TOWFpKNg1TQoCooPCuoy8
4xlOJjiPH85a9//rsMvYp5u4b+kG5BMsjAlm83qJhTlk7nXW4/tMTq0OIWfgwsYE
lVVNDThoPI0Ggqv30Yac3GDTV7sTXOTQyAUwkG9YGJq48VxDihotJpHCshQ7QoBw
Q9/vFJ6El/uUyQxgutqSnQRDXG5mBegI4fDgEY7B8OY/l6Hh1fCwWnsPry6Ff4sq
JpAdF2J1vr6y6+dhcInfvOiHRKfIhpFQerQsU9J2knTEwFoChmGATme82bwt2fzw
x2+ngPx4MvzyyJy2OihWkJsF15o8YGPfcD7lINjFx2s5nLk4U49JPipWSGtlNeE8
Bt+aQTGL/IvVXRg8rhRrvYhtOmXWjm5cgraCDzWBXuidRlfBocQvqdcMF4GzZuFY
jr21HzdozkFV9D3c7nNxq8KpFGR1t0bAHsBJZjkLtGnXE5YbhfvsbCPvSWxfoiBh
tP/gF1Slot68oBQffkvijzWR4wrZeYRFHDwJePV5t7krrymeIzDIllv6KiftcE7i
Hquv5FU8M2xRC6KbB6oJR+Gyzddjb6spemVLsn3Z7WwkDTexp4E=
=5z+4
-----END PGP SIGNATURE-----


Reply to: