-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4643-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 20, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-bleach CVE ID : CVE-2020-6816 Debian Bug : 954236 It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when strip=False and 'math' or 'svg' tags and one or more of the RCDATA tags were whitelisted. For the stable distribution (buster), this problem has been fixed in version 3.1.2-0+deb10u1. We recommend that you upgrade your python-bleach packages. For the detailed security status of python-bleach please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-bleach Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl51IHhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R3Kg/+IPUwLr7N5JME8KbMLd0nATeSQ8V787brGJsI0gfACrTUUlk2zEAaMhVw /abTp4+ok4U8onI+UoWlahnyEbmrpplOxTswcvDpbjGDTA3gOH76pl5QUtsHwfBD RAMggQAODzdxzrx07m9nrJYzZ0ECU0TsN3cC52oZ0M5slWupOp8BI8YcB8Sb9LF2 TEZFUM5Sn4nRMbCKP3gOesnylb647XDb9lHBY+pTrNfpNyB3MzaDmtfoTtW24B/7 RoLlla0IUFbb4ZX4BbQLSYzycFvN2rgbp2JPbbPWGIIsBX1nxKYQd4OagL6pc95W Yi/wEAZP34rlU9Emj99KJLY/YwHFeDPHGER7D3Z9aSuCxoLKvTUkBNi3OlaD/M4w 50MOiq3RseQxVvYX7fyPobHzC2mR/MxzRqvse6is4GFvsg/lBc4r/23VCIWFHlCY pgJVDS7okbFwVoAaWLGCIKSb3CWivivhhvq1mcw55dOU+mIT7DKj7aXDfpjFuiw8 bdmXAv126c3Nv9lBrRDNLRnAAEy06hZ0+wmoDnYHyKO3kegqNbb4BH9+mtxDc3jr 3Qa82JUA3imbi9AY9P0kZbVOREc5n5Icfd7Je6UGA30NNlRfLiYspIvQkmRgLGsV Y5P7gTMYJtt2/qPAtF6w8wtfFijESwGOvMVBH1LyGeETbSf/50U= =k2n8 -----END PGP SIGNATURE-----