-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 23 Mar 2021 19:03:02 +0100 Source: lxml Binary: python-lxml python-lxml-dbg python3-lxml python3-lxml-dbg python-lxml-doc Architecture: source amd64 all Version: 3.7.1-1+deb9u4 Distribution: stretch-security Urgency: medium Maintainer: Matthias Klose <doko@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: python-lxml - pythonic binding for the libxml2 and libxslt libraries python-lxml-dbg - pythonic binding for the libxml2 and libxslt libraries (debug ext python-lxml-doc - pythonic binding for the libxml2 and libxslt libraries (documenta python3-lxml - pythonic binding for the libxml2 and libxslt libraries python3-lxml-dbg - pythonic binding for the libxml2 and libxslt libraries (debug ext Changes: lxml (3.7.1-1+deb9u4) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2021-28957 Due to missing input sanitization, XSS is possible for the HTML5 formatcion attribute. Checksums-Sha1: 4c16a8f2618889eb7e84ca17f0e3b29912e71046 2407 lxml_3.7.1-1+deb9u4.dsc 8ad2b82477bf59e05d1a8124211ececf986f7868 3788105 lxml_3.7.1.orig.tar.gz dff4f4529885304c3185eea1618d0295a695b72d 10552 lxml_3.7.1-1+deb9u4.debian.tar.xz af4e5e7f1f5a7874693459594f4f4a52c67f84a1 9537 lxml_3.7.1-1+deb9u4_amd64.buildinfo 1dab0fd8c863fdc7e06b39da9ee76ab4b4733837 3219920 python-lxml-dbg_3.7.1-1+deb9u4_amd64.deb 1f10398208cabad88a42e8d81281535e4bbc2f00 1101430 python-lxml-doc_3.7.1-1+deb9u4_all.deb 8304971dc9e69ca9bed95a6bd6395c43daf14e76 903982 python-lxml_3.7.1-1+deb9u4_amd64.deb 4e2be6389ac0d0cc9c4702296bd5430ec9849371 5143384 python3-lxml-dbg_3.7.1-1+deb9u4_amd64.deb 79142f296c9c5ee2c1b8dcb26c26400989da7d75 900288 python3-lxml_3.7.1-1+deb9u4_amd64.deb Checksums-Sha256: b60c3e6e0bcadf937fd70287a3db17072c23cb6602071b3d0e7a2c838635edc8 2407 lxml_3.7.1-1+deb9u4.dsc 1c7f6771838300787cfa1bb3ed6512e9dc78e60ecb308a8ed49ac956569c1cca 3788105 lxml_3.7.1.orig.tar.gz 8758e0c49b58b69db7e5fbfd1d822343e6ce440b7070c9b8d734b6842ae070fa 10552 lxml_3.7.1-1+deb9u4.debian.tar.xz 4423fd661a3f7e636c7020e0b12dfbddbabc7e80d8f4f25d6c5b74a539299b1b 9537 lxml_3.7.1-1+deb9u4_amd64.buildinfo c72ae29ef2d5643d1c3ebc802f9ca0540a692c511be2e6a12f762d40e240a3c7 3219920 python-lxml-dbg_3.7.1-1+deb9u4_amd64.deb bbdba49917f7dfa47a09274d6a60ad16e33338822afa59e47607182412a4ce95 1101430 python-lxml-doc_3.7.1-1+deb9u4_all.deb 45a55059f2efc71102bcb02c2a4fa60c34d23fb3bb773494b3531417038af0f0 903982 python-lxml_3.7.1-1+deb9u4_amd64.deb cd120f22d5415f396e81282b483b432f93a6f26f04eda5925e6d2f249cdd86f6 5143384 python3-lxml-dbg_3.7.1-1+deb9u4_amd64.deb 0e527f38fc081cd680bf14bec1e41cb773c369f785dba9b341cce12d85dd0267 900288 python3-lxml_3.7.1-1+deb9u4_amd64.deb Files: 1a99788923e3b6fb07b378a3b579c31a 2407 python optional lxml_3.7.1-1+deb9u4.dsc dde0e225b51de26dd47c60575bce8e16 3788105 python optional lxml_3.7.1.orig.tar.gz 00cf6a55a3f1dfee24459a57a0f17166 10552 python optional lxml_3.7.1-1+deb9u4.debian.tar.xz f0832a367dc848ade40ee9b78a8ae59a 9537 python optional lxml_3.7.1-1+deb9u4_amd64.buildinfo b7eef75f45619c6f3286aef38e51c23a 3219920 debug extra python-lxml-dbg_3.7.1-1+deb9u4_amd64.deb 5dcd9f40774decceed41c88ab603d385 1101430 doc extra python-lxml-doc_3.7.1-1+deb9u4_all.deb c4e560d920bed78d775a5673a7d15087 903982 python optional python-lxml_3.7.1-1+deb9u4_amd64.deb 8cb34f1acf34b0be00a10913ad1fa200 5143384 debug extra python3-lxml-dbg_3.7.1-1+deb9u4_amd64.deb 724f46341ccf7c98a229165d72e5c2a0 900288 python optional python3-lxml_3.7.1-1+deb9u4_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmBbbJ9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR9udD/40YX1vUkp/EiKi90p3Fjw05XXaJA73 GC0x5ZBN1L4rj2uxwRqFhBBhu/XpPjeQ7WmE7JCo1IeG19n0ZH3FDw+O0TXJ2DE4 84hW4keWnwOFbjoddhUDRFUDdSPlTFa0/PfqIkhCN+FyOMrSL3DddFUeDLBkpu7x 5+fvraLzz1AgKGlyhhnsutE9OmbGC+nI9MlO55OwH4QsEceKI5KTy2F5C5tQFxF0 fclPLR5v2MD7X7TCpABl/6oXkiXapzcDuKSwICDB4tVL+pz2cJqNva2Qofit9gO3 12KHVkdFDEsAR36vdnLg3SlWCEUMzpWHoGcCHS5ZDZXIsfEW6GPg9vcIUV1HK2/J QfPAB3/fONsK6/XXRi+67CLpvXhUpFzsbxJz3WX3UCcfWI4sLlTUcVV4fAuXjkW+ H5vGOVo2tgoAJWUeepuxlyNXLNGjoFjBCHTvNB0u0uCU0sOQ4iyMxdPKSsTtewj0 NRWCvFKk6cYgh+1JcugsX49nWN1C2MjsAb11ilJV4qdqPAm7Dz4Z4nnsBN3lto2Z WcsKgXz5/ngYS2PelsP/BG57CBl33gmVID9F9AOJGGoZx+KaT9W7XfVKAfCZUcfy rCtNrEDQ+IR3NKoVJewVUHz44Fod0SXAqdzbzQDUAK+KzOWz+bQqhJmtk7YT8j7Y B3QxM6OPtpE1Bg== =AgxO -----END PGP SIGNATURE-----