python-lxml vulnerable to CVE-2014-3146
Bug #1319603 reported by
Ryan Scarbery
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxml (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Description: Ubuntu 12.04.4 LTS
Release: 12.04
python-lxml:
Installed: 2.3.2-1
Candidate: 2.3.2-1
Version table:
*** 2.3.2-1 0
500 http://
100 /var/lib/
lxml.html.
Example PoC:
http://
This is patched in lxml-3.3.5:
https:/
CVE References
information type: | Private Security → Public Security |
Changed in lxml (Ubuntu): | |
status: | New → Fix Released |
To post a comment you must log in.