[SECURITY] [DLA 2467-1] lxml security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2467-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
November 26, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : lxml
Version : 3.7.1-1+deb9u1
CVE ID : CVE-2018-19787 CVE-2020-27783
CVE-2018-19787
It was discovered that there was a XSS injection vulnerability in
the LXML HTML/XSS manipulation library for Python.
CVE-2020-27783
javascript escaping through the <noscript> and <style> combinations.
For Debian 9 stretch, these problems have been fixed in version
3.7.1-1+deb9u1.
We recommend that you upgrade your lxml packages.
For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl+/9NUACgkQhj1N8u2c
KO8xQQ//dBbIeCJNy5E0N+/TDHsY6K95BoQVtPniSuaN4TVxd8lNOXtXOhfBsdGo
GelsKU0IPNuyE8+Al7n6qm5Dw4miahBdgCnahp/ZnR4TOWFpKNg1TQoCooPCuoy8
4xlOJjiPH85a9//rsMvYp5u4b+kG5BMsjAlm83qJhTlk7nXW4/tMTq0OIWfgwsYE
lVVNDThoPI0Ggqv30Yac3GDTV7sTXOTQyAUwkG9YGJq48VxDihotJpHCshQ7QoBw
Q9/vFJ6El/uUyQxgutqSnQRDXG5mBegI4fDgEY7B8OY/l6Hh1fCwWnsPry6Ff4sq
JpAdF2J1vr6y6+dhcInfvOiHRKfIhpFQerQsU9J2knTEwFoChmGATme82bwt2fzw
x2+ngPx4MvzyyJy2OihWkJsF15o8YGPfcD7lINjFx2s5nLk4U49JPipWSGtlNeE8
Bt+aQTGL/IvVXRg8rhRrvYhtOmXWjm5cgraCDzWBXuidRlfBocQvqdcMF4GzZuFY
jr21HzdozkFV9D3c7nNxq8KpFGR1t0bAHsBJZjkLtGnXE5YbhfvsbCPvSWxfoiBh
tP/gF1Slot68oBQffkvijzWR4wrZeYRFHDwJePV5t7krrymeIzDIllv6KiftcE7i
Hquv5FU8M2xRC6KbB6oJR+Gyzddjb6spemVLsn3Z7WwkDTexp4E=
=5z+4
-----END PGP SIGNATURE-----
Reply to: