- ------------------------------------------------------------------------- Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-bleach CVE ID : CVE-2021-23980 Debian Bug : 986251 It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'svg' or 'math' are in the allowed tags, 'p' or 'br' are in allowed tags, 'style', 'title', 'noscript', 'script', 'textarea', 'noframes', 'iframe', or 'xmp' are in allowed tags and 'strip_comments=False' is set. For the stable distribution (buster), this problem has been fixed in version 3.1.2-0+deb10u2. We recommend that you upgrade your python-bleach packages. For the detailed security status of python-bleach please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-bleach Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian: DSA-4892-1: python-bleach security update
April 18, 2021
Summary
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'svg' or 'math' are in the allowed tags, 'p' or 'br' are in allowed tags, 'style', 'title', 'noscript', 'script', 'textarea', 'noframes', 'iframe', or 'xmp' are in allowed tags and 'strip_comments=False' is set. For the stable distribution (buster), this problem has been fixed in version 3.1.2-0+deb10u2. We recommend that you upgrade your python-bleach packages. For the detailed security status of python-bleach please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-bleach Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq
Severity
Package : python-bleach
CVE ID : CVE-2021-23980
Debian Bug : 986251
News
HOWTOs
Features
Time is running out for CentOS 8
Open-Source Tool of the Month: Uptycs Addresses Modern Cloud-Native & Containerization Security Challenges with its Uptycs Security Analytics Platform
Best File and Disk Encryption Tools For Linux
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
What You Need to Know About Linux Rootkits
About Us
Powered By
