[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2326-1] htmlunit security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2326-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                                     
August 15, 2020                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : htmlunit
Version        : 2.8-2+deb9u1
CVE ID         : CVE-2020-5529

In HtmlUnit, a GUI-Less browser for Java programs, malicious JavaScript 
code was able to execute arbitrary Java code on the application.

For Debian 9 stretch, this problem has been fixed in version
2.8-2+deb9u1.

We recommend that you upgrade your htmlunit packages.

For the detailed security status of htmlunit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/htmlunit

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl83++kACgkQiNJCh6LY
mLGYww/9E8BWy8yf3tZdfVIlq+XM2Qgb65k2v+YLuc4xALwdW7Bzaxmd55K/oXDX
I2Mad4q7U3XgmlxKa4V5JDHtdzukVyInLffy2iuqM9KG6eU5HYmst4oUhmxAvVP7
x9U7jKz19t9McnTpOMQEzCyjh3Yb0YKlZgaW/I1eOrytHX3dpwQv12dhmmvaEkHu
uD9H53CphJ42D9KaTOPmzDqzhGPsnUOGY1Rv1DEDnWuFoWDn4O689nNeARJBKs+Y
Y90t21GXYv+8ROzJFuT6n4I/bpgJ/OIj/uLJtEPLephMDKFUt1/jl9Q8VOADnKRB
XiBe/SQECabF4vQSsHZxm+/dW5V/TGfsrQtCnYmDcscdRoF+uludpR/ZKZbG9THH
Sjijx9tkLIpqmlmmSzn+6fQWM3LZx07pxsxIyVmeCdF/hHlAJgPyLcPqSgefLqsh
SIZtvYP4gd5p8heY/msjZtgBKzCnEc6l0NkzNo1+W+5GkQuD6Buf5hDT4+5GGHqT
KFgCbFElIJ2xzrta2gBZzY91MvOYu7tAACtDku9M8z+O/SEaUMQMpkEHbZECmVqh
lYTU3u4vkL9xZibeV9XKD4qhrLeic8PVFGLfvVsEWqQQWBUcyfte/MaW6DWBIqLw
1MogmXXcx8CN+K4xEtpOdMCCBpWHTNasttietVZNbh9hl2dPlk4=
=3wmG
-----END PGP SIGNATURE-----


Reply to: