Debian 10261 Published by

A lxml security update has been released for Debian GNU/Linux 8 Extended LTS to address a cross-site scripting issue.



ELA-332-1 lxml security update

Package lxml
Version 3.4.0-1+deb8u3

It was discovered that the clean_html() function of lxml, a Python library for HTML and XML processing, performed insufficient sanitisation for embedded Javascript code. This could lead to cross-site scripting or possibly the execution of arbitrary code.

For Debian 8 jessie, these problems have been fixed in version 3.4.0-1+deb8u3.

We recommend that you upgrade your lxml packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-332-1 lxml security update