[Git][security-tracker-team/security-tracker][master] Add CVE-2021-43818/lxml
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 13 19:48:02 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b04174d7 by Salvatore Bonaccorso at 2021-12-13T20:47:37+01:00
Add CVE-2021-43818/lxml
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2960,8 +2960,12 @@ CVE-2021-43820
RESERVED
CVE-2021-43819
RESERVED
-CVE-2021-43818
+CVE-2021-43818 [HTML Cleaner allows crafted and SVG embedded scripts to pass through]
RESERVED
+ - lxml <unfixed>
+ NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
+ NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)
+ NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5)
CVE-2021-43817
RESERVED
CVE-2021-43816
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b04174d7c7104549ffc4dc2b19ef5f7129339604
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b04174d7c7104549ffc4dc2b19ef5f7129339604
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211213/1f7efbca/attachment.htm>
More information about the debian-security-tracker-commits
mailing list