Debian alert DLA-2075-1 (jsoup)

From:
             
 
Thorsten Alteholz <debian@alteholz.de> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2075-1] jsoup security update 
Date:
             
 
Sun, 26 Jan 2020 22:36:58 +0100 (CET)
Message-ID:
             
 
<alpine.DEB.2.20.2001262236020.29378@jupiter.server.alteholz.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jsoup
Version        : 1.8.1-1+deb8u1
CVE ID         : CVE-2015-6748


An issue has been found in jsoup, a Java HTML parser that makes sense of 
real-world HTML soup. Due to bad handling of missing '>' at EOF a 
cross-site scripting (XSS) vulnerability could appear.


For Debian 8 "Jessie", this problem has been fixed in version
1.8.1-1+deb8u1.

We recommend that you upgrade your jsoup packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl4uBnpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd40Q//fnOQv+fXlcGuakLoq9PH2JLJGq/50yXD0L7Vb6givvlnJysv3WEThSVt
ptucLnVv59mXYBijD2GZBg9ZuH/QKcVp4cKDNPbdJJWfxr6nV20CshTGDA1vXkoz
6S4gFQqd0bDvmCcCFdQXEIqXRPmvNNk9kijxFDUG0yGIuj3UqXSqAh7jEz/Rq2CQ
ZO+nxiqAFEFF5E9KpgfaXVcp3TgCPWHXEFuLHRMLMnAQgmRCkjomts1GTNcQY9AA
5NEVccRPE57CxhzLXY+qwdMWVjjpvYVA2RhWGC6SWrnGLAGTp1aP9L8sPqt0YGqj
uYNL2tE4ApPc9yUeC9fMGu8EG9OguPMlwPBGaciHmgO4QQAf9jf/2yDE9K8NGZSQ
tt4d9Xj7XwlROu/WomD/mbcJLi3gElaEFNjC5OamjoVet+VEnV/rLdaRjKNLVpZx
lWFMBzttvxwvVfZqLsKd6AGoRH4A8NJP+eQNurHeicqEHAs4OjL3qcGaFJrDT0ew
kUxzfedNaNm5P9n5wfgZVkT1Rsy2Cn3StKE333wgDFvpmUVZqiuBgKgYXHKBF6U6
1eC96xHrcmrB1qXjomQ84xlLxnuSFvn3UY5KxGHyJoKA9clY6vlgjHxYJlGRZDcZ
HyQXPBo2W3VvagZtxh7nklD/oL0huNBmSk2HoP71sLYzrr9cAjM=
=oI0p
-----END PGP SIGNATURE-----