Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abbdf580 by Adrian Bunk at 2026-06-19T00:24:45+03:00
CVE-2026-28348/CVE-2026-28350: lxml-html-clean was part of lxml before trixie

Both CVEs reproduce in bookworm.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -64528,15 +64528,19 @@ CVE-2026-28542 (Permission bypass vulnerability in 
the system service framework.
 CVE-2026-28353 (Trivy Vulnerability Scanner is a VS Code extension that helps 
find vul ...)
        - trivy <itp> (bug #929458)
 CVE-2026-28350 (lxml_html_clean is a project for HTML cleaning functionalities 
copied  ...)
+       - lxml 5.2.0-1
        - lxml-html-clean 0.4.4-1
        [trixie] - lxml-html-clean <no-dsa> (Minor issue)
        NOTE: 
https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-xvp8-3mhv-424c
        NOTE: Fixed by: 
https://github.com/fedora-python/lxml_html_clean/commit/9c5612ca33b941eec4178abf8a5294b103403f34
 (0.4.4)
+       NOTE: lxml-html-clean was split out of lxml in 5.2.0
 CVE-2026-28348 (lxml_html_clean is a project for HTML cleaning functionalities 
copied  ...)
+       - lxml 5.2.0-1
        - lxml-html-clean 0.4.4-1
        [trixie] - lxml-html-clean <no-dsa> (Minor issue)
        NOTE: 
https://github.com/fedora-python/lxml_html_clean/security/advisories/GHSA-hw26-mmpg-fqfg
        NOTE: Fixed by: 
https://github.com/fedora-python/lxml_html_clean/commit/2ef732667ddbc74ea59847bcf24b75809aaeed3b
 (0.4.4)
+       NOTE: lxml-html-clean was split out of lxml in 5.2.0
 CVE-2026-28343 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC 
archite ...)
        TODO: check
 CVE-2026-28342 (OliveTin gives access to predefined shell commands from a web 
interfac ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abbdf58048a099289d84af3ec94a309f54cf8cb2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abbdf58048a099289d84af3ec94a309f54cf8cb2
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to