| Errata ID | 563 |
|---|---|
| Date | 2018-12-12 |
| Source package | lxml |
| Fixed in version | 3.4.0-1+deb8u1 |
| Description | This update addresses the following issues: * An issue was discovered in lxml: the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks. This is a similar issue to CVE-2014-3146. (CVE-2018-19787) |
| Additional notes | |
| CVE ID | CVE-2018-19787 CVE-2014-3146 |
| UCS Bug number | #48308 |
