| Package | lxml |
|---|---|
| Version | 3.4.0-1+deb8u2 |
| Related CVEs | CVE-2018-19787 CVE-2020-27783 |
It was discovered that the clean_html() function of lxml, a Python library
for HTML and XML processing, performed insufficient sanitisation for embedded
Javascript code. This could lead to cross-site scripting or possibly the
execution of arbitrary code.
For Debian 8 jessie, these problems have been fixed in version 3.4.0-1+deb8u2.
We recommend that you upgrade your lxml packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.