Univention Bugzilla – Bug 52997
lxml: Multiple issues (4.4)
Last modified: 2021-03-31 18:36:51 CEST
New Debian lxml 3.7.1-1+deb9u4 fixes:
This update addresses the following issue:
* missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/lxml_3.7.1-1+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/lxml_3.7.1-1+deb9u4.dsc @@ -1,3 +1,10 @@ +3.7.1-1+deb9u4 [Tue, 23 Mar 2021 19:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2021-28957 + Due to missing input sanitization, XSS is possible for the HTML5 + formatcion attribute. + 3.7.1-1+deb9u3 [Fri, 18 Dec 2020 09:50:10 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/4.4-7/#5622458748676943303>
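Review bot: in the added 3.7.1-1+deb9u4 changelog entry, the CVE-2021-28957 description spells the attribute "formatcion"; the HTML5 attribute is "formaction", which is how the update summary on this bug spells it. The typo comes from the packaged changelog, so it is worth confirming that the erratum text in doc/errata/staging/lxml.yaml uses the correct spelling, otherwise a search for the attribute name will miss this entry. The entry also does not say which part of lxml performs the sanitization; a one-line pointer to the affected module would help anyone checking whether their own code is exposed.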
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] d951c4590c Bug #52997: lxml 3.7.1-1+deb9u4
 doc/errata/staging/lxml.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x941>