It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was
susceptible to nesting-based mXSS.

https://security-tracker.debian.org/tracker/DSA-5790-1

Read More

Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python
library to create PDF documents, could be bypassed which may result in
the execution of arbitrary code when converting malformed HTML to a PDF
document.

https://security-tracker.debian.org/tracker/DSA-5791-1

Read More