bug#47319: python-lxml is vulnerable to CVE-2021-28957

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47319: python-lxml is vulnerable to CVE-2021-28957

From:	Maxim Cournoyer
Subject:	bug#47319: python-lxml is vulnerable to CVE-2021-28957
Date:	Tue, 22 Mar 2022 22:32:52 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hi,

Léo Le Bouter <lle-bout@zaclys.net> writes:

> CVE-2021-28957        21.03.21 06:15
> lxml 4.6.2 places the HTML action attribute into defs.link_attrs (in
> html/defs.py) for later use in input sanitization, but does not do the
> same for the HTML5 formaction attribute.
>
> Upstream fixed it in 4.6.3 (
> https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
> ), so we should probably upgrade to that.

This is the current version in Guix.

Closing; thanks!

Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47319: python-lxml is vulnerable to CVE-2021-28957, Maxim Cournoyer <=

Prev by Date: bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270
Next by Date: bug#52228: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"
Previous by thread: bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270
Next by thread: bug#52228: NSS CVE-2021-43527 "memory corruption validating dsa/rsa-pss signatures"
Index(es):
- Date
- Thread