lxml security update

2014-06-26T17:16:35
ID DEBIAN:931B842EADF7333E6D5CB763EDB5379A:EB5A6
Type debian
Reporter Debian
Modified 2014-06-26T17:16:35

Description

Package : lxml Version : 2.2.8-2+deb6u1 CVE ID : CVE-2014-3146 Debian Bug : #746812

It was discovered that clean_html() function of lxml (pythonic bindings for the libxml2 and libxslt libraries) performed insufficient sanitisation for some non-printable characters. This could lead to cross-site scripting.