Summary: | <dev-python/lxml-4.2.5: XSS attack (CVE-2018-19787) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vlad K. <vk-gentoo-bugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | python |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=509134 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
dev-python/lxml-4.2.5
|
Runtime testing required: | --- |
Description
Vlad K.
2018-12-10 13:53:59 UTC
Appears fixed in 4.2.5, so I suppose a call to stabilize dev-python/lxml-4.2.5 would be in order. * https://github.com/lxml/lxml/blob/master/CHANGES.txt#L44 -- Gentoo Security Scout Vladimir Krstulja Arches, please stabilize. ia64/ppc/ppc64 stable sparc stable x86 stable amd64 stable hppa stable alpha stable arm stable s390 stable arm64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5017aebd8f4aaa096076cdde32a039188b6702b6 commit 5017aebd8f4aaa096076cdde32a039188b6702b6 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2019-01-07 20:44:33 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2019-01-07 20:44:33 +0000 dev-python/lxml: remove old Bug: https://bugs.gentoo.org/672874 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 dev-python/lxml/Manifest | 2 - .../lxml/files/lxml-3.6.4-fix-test_xmlschema.patch | 36 ---------- dev-python/lxml/lxml-4.1.1.ebuild | 80 --------------------- dev-python/lxml/lxml-4.2.6.ebuild | 82 ---------------------- 4 files changed, 200 deletions(-) Cleanup done. |