1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4880-1] lxml security update

    From Sebastien Delafond@21:1/5 to All on Mon Mar 29 18:30:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4880-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond
    March 29, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : lxml
    CVE ID : CVE-2021-28957
    Debian Bug : 985643

    Kevin Chung discovered that lxml, a Python binding for the libxml2 and
    libxslt libraries, did not properly sanitize its input. This would
    allow a malicious user to mount a cross-site scripting attack.

    For the stable distribution (buster), this problem has been fixed in
    version 4.3.2-1+deb10u3.

    We recommend that you upgrade your lxml packages.

    For the detailed security status of lxml please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/lxml

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmBh/jUACgkQEL6Jg/PV nWT4yQf/aLxTPSFTtdAjpJXH0yTcBTt5dIsodWLXwmWAzsOxA2ivUV44NL7oduQq P20TQCtIUHqXrP7N9q4rCm+T9fIIdOFJckATWQkYUuk7/RQB4xi4npe2Jj1vgvjj ELMtjoURYHhGvnJDLHqTgfsdIly+gnwKfyPAFpfbOQEb+2W3Ds3YjHF9toCtVc0W 6q5S7bTfkisLVWU3wWWwH1vTlA3XS9dgozUEIoV5TjGakQicnx6ZBA/zhEs4OJUf Vr5W52nFrZRh0448htdKT+4ex+IEI8sOKegH/ecYmK4WBGrrMgYCxeWgB+tUEawz 68g5R3mwr9FtfkbLGBFlBk68Y1Ei5w==
    =g+pG
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)