
[SECURITY] [DLA 2606-1] lxml security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-2606-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
March 24, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : lxml
Version        : 3.7.1-1+deb9u4
CVE ID         : CVE-2021-28957


An issue has been found in lxml, a pythonic binding for the libxml2 and libxslt libraries.

Due to missing input sanitization, XSS is possible for the HTML5 formaction attribute.
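
An added example, not part of the Debian advisory or of lxml: a standard-library Python audit that flags script-scheme URLs left in URL-bearing attributes, including formaction, so sanitizer output can be checked in a regression test. The attribute and scheme lists, the function names and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed audit policy for this example: URL-bearing attributes to inspect
# (formaction is the one the advisory names) and schemes treated as script.
URL_ATTRS = {"href", "src", "action", "formaction"}
SCRIPT_SCHEMES = {"javascript", "vbscript"}
_C0_AND_SPACE = "".join(map(chr, range(0x21)))

def url_scheme(value):
    """Return the lowercased URL scheme the way a browser would read it."""
    # Browsers trim leading/trailing control characters and spaces, and drop
    # tabs and newlines anywhere in the URL, before looking for the scheme.
    cleaned = re.sub(r"[\t\r\n]", "", value.strip(_C0_AND_SPACE))
    match = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return match.group(1).lower() if match else None

class UrlAttrAudit(HTMLParser):
    """Collect (tag, attribute, value) for script-scheme URL attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes character references in values.
        for name, value in attrs:
            if name in URL_ATTRS and value and url_scheme(value) in SCRIPT_SCHEMES:
                self.findings.append((tag, name, value))

def audit(html_text):
    parser = UrlAttrAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Constructed sample standing in for sanitizer output under test.
SAMPLE = (
    '<form action="/search">'
    '<button FormAction=" java\tscript:void(0)">go</button>'
    '<input type="submit" formaction="/save">'
    '<a href="https://www.debian.org/lts/security/">LTS</a>'
    '</form>'
)

if __name__ == "__main__":
    for tag, name, value in audit(SAMPLE):
        print(f"unsafe URL in <{tag} {name}={value!r}>")
```

An empty result from `audit()` on sanitized markup is the passing condition; any tuple returned names the tag and attribute that still carries a script URL.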


For Debian 9 stretch, this problem has been fixed in version
3.7.1-1+deb9u4.

We recommend that you upgrade your lxml packages.

For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
