[Git][security-tracker-team/security-tracker][master] Add two new lxml-html-clean issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 6 21:38:53 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce6db310 by Salvatore Bonaccorso at 2026-03-06T22:38:23+01:00
Add two new lxml-html-clean issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -665,9 +665,13 @@ CVE-2026-28542 (Permission bypass vulnerability in the system service framework.
 CVE-2026-28353 (Trivy Vulnerability Scanner is a VS Code extension that helps find vul ...)
 	- trivy <itp> (bug #929458)
 CVE-2026-28350 (lxml_html_clean is a project for HTML cleaning functionalities copied  ...)
-	TODO: check
+	- lxml-html-clean <unfixed>
+	NOTE: https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c
+	NOTE: Fixed by: https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34 (0.4.4)
 CVE-2026-28348 (lxml_html_clean is a project for HTML cleaning functionalities copied  ...)
-	TODO: check
+	- lxml-html-clean <unfixed>
+	NOTE: https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-hw26-mmpg-fqfg
+	NOTE: Fixed by: https://github.com/fedora-python/lxml_html_clean/commit/2ef732667ddbc74ea59847bcf24b75809aaeed3b (0.4.4)
 CVE-2026-28343 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...)
 	TODO: check
 CVE-2026-28342 (OliveTin gives access to predefined shell commands from a web interfac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce6db310e92488cfdbe576c12e1afaa0a063abfc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce6db310e92488cfdbe576c12e1afaa0a063abfc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260306/5e039823/attachment.htm>

More information about the debian-security-tracker-commits mailing list