- ------------------------------------------------------------------------- Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-bleach CVE ID : CVE-2021-23980 Debian Bug : 986251 It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'svg' or 'math' are in the allowed tags, 'p' or 'br' are in allowed tags, 'style', 'title', 'noscript', 'script', 'textarea', 'noframes', 'iframe', or 'xmp' are in allowed tags and 'strip_comments=False' is set. For the stable distribution (buster), this problem has been fixed in version 3.1.2-0+deb10u2. We recommend that you upgrade your python-bleach packages. For the detailed security status of python-bleach please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-bleach Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian: DSA-4892-1: python-bleach security update
April 18, 2021
Summary
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'svg' or 'math' are in the allowed tags, 'p' or 'br' are in allowed tags, 'style', 'title', 'noscript', 'script', 'textarea', 'noframes', 'iframe', or 'xmp' are in allowed tags and 'strip_comments=False' is set. For the stable distribution (buster), this problem has been fixed in version 3.1.2-0+deb10u2. We recommend that you upgrade your python-bleach packages. For the detailed security status of python-bleach please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-bleach Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq
Severity
Package : python-bleach
CVE ID : CVE-2021-23980
Debian Bug : 986251
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
