-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4810-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 13, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lxml
CVE ID         : CVE-2020-27783

Yaniv Nizry discovered that the clean module of lxml, Python bindings for
libxml2 and libxslt could be bypassed.

For the stable distribution (buster), this problem has been fixed in
version 4.3.2-1+deb10u1.

We recommend that you upgrade your lxml packages.

For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/WWsYACgkQEMKTtsN8
TjZ8rhAAmQOnxkDYDbOogvwhzOpoxPY9d2DOlMfRaPgRJcGGRmJBOJojH/hdLSA9
wlAIjvaqp+6xmbVdsdkA6+tvXY2O1ah/ZMlJc6b8AIuaDebIM9BjnBNa/jTVKuvO
I+AkKyloyPLfbM2Nq9FsG5cjVlaY6SdeWSUyq+p8Vpu3h8F6/topMXQlXwNpLZ5E
sYZ+YcFqs9Ct/ESjZylQS1Nt9nAtlPfcvVLmLniWI/71Is6RBUzKmt2dK/Wnibsf
bvAFUMddQfx1LuHSV+J7gYPyU/b84s1wDcnQDn2LOy5gVQ9s04hxB7YEoEitGY8M
hNF54iwweu61VOPM9WmwJDkr/AVEQis+JRoG9kgdJQgv+vFmFxSgzXS0C1JXHLmI
X2XoskxVYyTnHCZDc5huTjUNJNqQgDXgQnC78oBGcdWsdy0LX9NDU4T5VmWJ/aJg
X2NyBkQp9udx+WT5Sh4OTcif+U1K6D2xIQFHCHaAPQg+KuBdzvYOlmk+mYwmlqyh
3Qi+l7he0eHIFJsyn7OZExtCwfShKk6vMjEK3ZVNxCKHHXODWbNVKDEumPfFzEMN
72zl/xpz+a9N6vzkB/IImXkBDGGrfhdeEgm+onEG5R/698jEPHK9chnBqqIKLeD+
3iNobIWPX9N9fcMRbygnXm5asPHLtEjwqW2QOjFKBlJ3isleOgI=
=5Uou
-----END PGP SIGNATURE-----