[Git][security-tracker-team/security-tracker][master] Reference fix for CVE-2026-41066/lxml
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 25 15:17:28 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1debeed1 by Salvatore Bonaccorso at 2026-04-25T16:17:02+02:00
Reference fix for CVE-2026-41066/lxml
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -239,6 +239,7 @@ CVE-2026-41067 (Astro is a web framework. Prior to 6.1.6, the defineScriptVars f
CVE-2026-41066 (lxml is a library for processing XML and HTML in the Python language. ...)
- lxml 6.1.0-1
NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-vfmq-68hx-4jfw
+ NOTE: Fixed by: https://github.com/lxml/lxml/commit/ab431ea0b9a7357d968f1d1c5c614649e9aaf358 (lxml-6.1.0)
NOTE: https://bugs.launchpad.net/lxml/+bug/2146291
CVE-2026-40897 (Math.js is an extensive math library for JavaScript and Node.js. From ...)
NOT-FOR-US: Math.js
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1debeed151f7be9700194e0c97a43cc673b2f171
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1debeed151f7be9700194e0c97a43cc673b2f171
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260425/62e705d2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list