-------------------------------------------------------------------------
Debian LTS Advisory DLA-2419-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 29, 2020                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : dompurify.js
Version        : 0.8.2~dfsg1-1+deb9u1
CVE ID         : CVE-2019-16728 CVE-2020-26870


Two issues have been found in dompurify.js, an XSS sanitizer for HTML,
MathML and SVG.
Both are related to mutation XSS (mXSS) in SVG or MATH elements.


For Debian 9 stretch, these problems have been fixed in version
0.8.2~dfsg1-1+deb9u1.

We recommend that you upgrade your dompurify.js packages.

For the detailed security status of dompurify.js please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
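
One way to check a stretch host against the fixed version above, as an added example that is not part of the advisory or of Debian's tooling: it reimplements Debian's version ordering (the ordering `dpkg --compare-versions` applies) so that the `~dfsg1` and `+deb9u1` parts sort correctly. The function names and the sample package list are constructed for illustration.

```python
# Added example: find installed builds of dompurify.js older than the DLA-2419-1 fix.
FIXED = "0.8.2~dfsg1-1+deb9u1"  # fixed version, from the advisory

def _order(c):
    # dpkg's character weight: '~' < end-of-string/digit < letters < other symbols
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare two upstream-version or revision strings: <0, 0 or >0.
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run, compared character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        # Digit run, compared numerically (an empty run counts as 0).
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return na - nb
    return 0

def deb_compare(a, b):
    # Split [epoch:]upstream[-revision]; a missing revision compares like "0".
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def outdated(dpkg_lines, source="dompurify.js", fixed=FIXED):
    # Input: dpkg-query -W -f='${source:Package} ${source:Version} ${Package}\n'
    return [r[2] for r in map(str.split, dpkg_lines.splitlines())
            if len(r) == 3 and r[0] == source and deb_compare(r[1], fixed) < 0]

# Constructed sample output; package names and versions are illustrative.
SAMPLE = "dompurify.js 0.8.2~dfsg1-1 libjs-dompurify\njquery 3.1.1-2+deb9u1 libjs-jquery\n"
if __name__ == "__main__":
    print(outdated(SAMPLE))
```

Feed `outdated()` the real output of the `dpkg-query` command shown in the comment; any package it returns was built from a dompurify.js source version that sorts before the fixed one.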
