-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4203.2
lxml security update
21 December 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: lxml
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2020-27783 CVE-2018-19787
Reference: ESB-2018.3831
ESB-2018.3829
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2020/11/msg00044.html
https://www.debian.org/lts/security/2020/dla-2467-2
Comment: This bulletin contains two (2) Debian security advisories.
Revision History: December 21 2020: DLA-2467-2 completes fix for CVE-2020-27783
November 27 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2467-2 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Roberto C. Sánchez
December 18, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : lxml
Version : 3.7.1-1+deb9u3
CVE ID : CVE-2020-27783
The fix for CVE-2020-27783, released as DLA 2467-1, was incomplete as
the component was still affected by the vulnerability. This
update includes an additional patch that completes the fix. Note that a
package with version 3.7.1-1+deb9u2 was uploaded, but before the
publication of the advisory a regression was discovered, which was
immediately corrected prior to publication of this advisory.
For Debian 9 stretch, this problem has been fixed in version
3.7.1-1+deb9u3.
We recommend that you upgrade your lxml packages.
For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2467-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
November 26, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : lxml
Version : 3.7.1-1+deb9u1
CVE ID : CVE-2018-19787 CVE-2020-27783
CVE-2018-19787
It was discovered that there was a XSS injection vulnerability in
the LXML HTML/XSS manipulation library for Python.
CVE-2020-27783
javascript escaping through the and
The post ESB-2020.4203.2 – UPDATE [Debian] lxml: Multiple vulnerabilities appeared first on Malware Devil.
https://malwaredevil.com/2020/12/21/esb-2020-4203-2-update-debian-lxml-multiple-vulnerabilities-2/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4203-2-update-debian-lxml-multiple-vulnerabilities-2
No comments:
Post a Comment