-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2871-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta December 30, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : lxml Version : 3.7.1-1+deb9u5 CVE ID : CVE-2021-43818 Debian Bug : 1001885 lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. For Debian 9 stretch, this problem has been fixed in version 3.7.1-1+deb9u5. We recommend that you upgrade your lxml packages. For the detailed security status of lxml please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lxml Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmHN5pIACgkQgj6WdgbD S5ZHdxAAjGve8ZJHdjhdBKfIa5ok29XjbOuga17rjkmxdW+Jrl9hyLIvAx7eG8Bh /L8fqPwnnP7ApXVyvBG/U2maRtEqkH/0MFtgOXtz97fCm9gj87BKJmzmC7UTqD8j FBgLDwK8OcPmKArF9tmXgwT1fRfBCfBBQ30bG6tHhmoGKP1kSMa2gRLmbNg9B9NF oylvcyY0KlliPLT6u4/ysGWV9LmtgFqljrPS5c8XtuIe+KzOKL7Y4HJHwmUf9G2+ hKbR3s7pTGrkdzmUE/4HHgDlB5iJ1BPVoREmiZjcYSyTEKC7K+Znv4V5GdG5ElYp sWdCa6RhTR8dgEUsHu8eQe+WOc55jxGo0d002yyYnugaPPvjVlh9gdZaGXUDZvFi UG3x+Qoh/qL4v2dbrv5YBoiodU9vwJ/enwca9mx42pCRFBKEBx2Y4nB4YpLPXg/7 43CcOigkoamCUhC9oHjEneKRkSY5n2szjcbdvymxyEbUENYq0iisupEVWh0QUfRN lT3667QMLaXvzNT1aP5onbdGmGqOrhmqX5JuaTickSAtuxQDljoQx6Lh8t5aqT8X pPxnr3GK81+E5IswTlfZY9G+YWY1+bau0+gY14CkHlJ5brRpvCJnrBxM7xk7Q7Q/ WD8q2Tb1VANcLWQuwar/2uxjVPtakAKUSJu3l64gO0NvNsfUp10= =KiD3 -----END PGP SIGNATURE-----