Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4810-1] lxml security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4810-1] lxml security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4810-1] lxml security update
  • Date: Sun, 13 Dec 2020 18:19:20 +0000
  • List-archive: https://lists.debian.org/msgid-search/20201213181920.GA1349 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=Kpscx5sOFLGHDF7FghpCkoZeiISaMmeo2TBdcqfhIKY=; b=Wc ppwhXE0kGWpyTJI75kxTPl+tssWM9LppyW4KV3fAFykflHgbtOtJcA5tQauwoaICVLRGQDK1Bj/9d 1itYSEOlwo107MVaDRt53T0MWKpUNP8CcsFNjS9bt4rMoNkOr56kxjtorcNrjt1USTBnXUQScc7s2 Dt2x9WJn+COcgu3tJJyZiexyHHqISiJxcOowPO+EJ8w2E0l/2ld5/3O9z3NyuRmzWR5ONvs5dvVE9 GtaIzvUClJeHRu5CbzxdxuvjgPTducUXJpvXcEcbghGuibrltD1H1fDoC7+Zs87VghUArNvblpvRL 5uImzlxxOiLOxT5rN0ZRdS+Idicz6yIQ==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sun, 13 Dec 2020 18:19:38 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <wve1FLo64lG.A.lkD.6sl1fB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4810-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 13, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : lxml
CVE ID : CVE-2020-27783

Yaniv Nizry discovered that the clean module of lxml, Python bindings for
libxml2 and libxslt could be bypassed.

For the stable distribution (buster), this problem has been fixed in
version 4.3.2-1+deb10u1.

We recommend that you upgrade your lxml packages.

For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/WWsYACgkQEMKTtsN8
TjZ8rhAAmQOnxkDYDbOogvwhzOpoxPY9d2DOlMfRaPgRJcGGRmJBOJojH/hdLSA9
wlAIjvaqp+6xmbVdsdkA6+tvXY2O1ah/ZMlJc6b8AIuaDebIM9BjnBNa/jTVKuvO
I+AkKyloyPLfbM2Nq9FsG5cjVlaY6SdeWSUyq+p8Vpu3h8F6/topMXQlXwNpLZ5E
sYZ+YcFqs9Ct/ESjZylQS1Nt9nAtlPfcvVLmLniWI/71Is6RBUzKmt2dK/Wnibsf
bvAFUMddQfx1LuHSV+J7gYPyU/b84s1wDcnQDn2LOy5gVQ9s04hxB7YEoEitGY8M
hNF54iwweu61VOPM9WmwJDkr/AVEQis+JRoG9kgdJQgv+vFmFxSgzXS0C1JXHLmI
X2XoskxVYyTnHCZDc5huTjUNJNqQgDXgQnC78oBGcdWsdy0LX9NDU4T5VmWJ/aJg
X2NyBkQp9udx+WT5Sh4OTcif+U1K6D2xIQFHCHaAPQg+KuBdzvYOlmk+mYwmlqyh
3Qi+l7he0eHIFJsyn7OZExtCwfShKk6vMjEK3ZVNxCKHHXODWbNVKDEumPfFzEMN
72zl/xpz+a9N6vzkB/IImXkBDGGrfhdeEgm+onEG5R/698jEPHK9chnBqqIKLeD+
3iNobIWPX9N9fcMRbygnXm5asPHLtEjwqW2QOjFKBlJ3isleOgI=
=5Uou
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4810-1] lxml security update, Moritz Muehlenhoff, 13.12.2020

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang