-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4810-1
security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2020
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : lxml
CVE ID : CVE-2020-27783
Yaniv Nizry discovered that the clean module of lxml, Python bindings for libxml2 and libxslt could be bypassed.
For the stable distribution (buster), this problem has been fixed in
version 4.3.2-1+deb10u1.
We recommend that you upgrade your lxml packages.
For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/WWsYACgkQEMKTtsN8 TjZ8rhAAmQOnxkDYDbOogvwhzOpoxPY9d2DOlMfRaPgRJcGGRmJBOJojH/hdLSA9 wlAIjvaqp+6xmbVdsdkA6+tvXY2O1ah/ZMlJc6b8AIuaDebIM9BjnBNa/jTVKuvO I+AkKyloyPLfbM2Nq9FsG5cjVlaY6SdeWSUyq+p8Vpu3h8F6/topMXQlXwNpLZ5E sYZ+YcFqs9Ct/ESjZylQS1Nt9nAtlPfcvVLmLniWI/71Is6RBUzKmt2dK/Wnibsf bvAFUMddQfx1LuHSV+J7gYPyU/b84s1wDcnQDn2LOy5gVQ9s04hxB7YEoEitGY8M hNF54iwweu61VOPM9WmwJDkr/AVEQis+JRoG9kgdJQgv+vFmFxSgzXS0C1JXHLmI X2XoskxVYyTnHCZDc5huTjUNJNqQgDXgQnC78oBGcdWsdy0LX9NDU4T5VmWJ/aJg X2NyBkQp9udx+WT5Sh4OTcif+U1K6D2xIQFHCHaAPQg+KuBdzvYOlmk+mYwmlqyh 3Qi+l7he0eHIFJsyn7OZExtCwfShKk6vMjEK3ZVNxCKHHXODWbNVKDEumPfFzEMN 72zl/xpz+a9N6vzkB/IImXkBDGGrfhdeEgm+onEG5R/698jEPHK9chnBqqIKLeD+ 3iNobIWPX9N9fcMRbygnXm5asPHLtEjwqW2QOjFKBlJ3isleOgI=
=5Uou
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)