Lxml Security Update for Debian 8 LTS
Posted on: 12/10/2018 05:12 PM

Updated lxml packages has been released for Debian GNU/Linux 8 LTS

Package : lxml
Version : 3.4.0-1+deb8u1
CVE ID : CVE-2018-19787

It was discovered that there was a XSS injection vulnerability in
the LXML HTML/XSS manipulation library for Python.

LXML did not remove "javascript:" URLs that used escaping such as
"j a v a s c r i p t". This is a similar issue to CVE-2014-3146.

For Debian 8 "Jessie", this issue has been fixed in lxml version
3.4.0-1+deb8u1.

We recommend that you upgrade your lxml packages.



Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/lxml_security_update_for_debian_8_lts.html)