-
lxml (4.5.0-1ubuntu0.5) focal-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- debian/patches/CVE-2021-43818-*.patch: prevent "@import"
from re-occurring in the CSS after replacements and remove
SVG image data URLs since they can embed script content in
src/lxml/html/clean.py, src/html/tests/test_clean.py.
- CVE-2021-43818
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 04 Jan 2022 09:33:10 -0300
-
lxml (4.5.0-1ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: incorrect formaction attribute input sanitization
- debian/patches/CVE-2021-28957.patch: add HTML-5 formaction attribute
to defs.link_attrs in src/lxml/html/defs.py,
src/lxml/html/tests/test_clean.py.
- CVE-2021-28957
-- Marc Deslauriers <email address hidden> Mon, 29 Mar 2021 12:04:02 -0400
-
lxml (4.5.0-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- debian/patches/CVE-2020-27783-part2*.patch:
This adds the missing part reported from upstream.
Prevent combinations of <noscript> and <style> from sneaking
JS through the HTML cleaner in src/lxml/html/clean.py,
src/lxml/html/tests/test_clean.py.
- CVE-2020-27783
* Adding --with-cython to debian/rules in order to compile the changed .py
files and regenerate the .c files for the binaries.
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 09 Dec 2020 21:56:41 -0300
-
lxml (4.5.0-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- Prevent combinations of <noscript> and <style> from sneaking
JS through the HTML cleaner in src/lxml/html/clean.py,
src/lxml/html/tests/test_clean.py.
- CVE-2020-27783
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Dec 2020 13:54:35 -0300
-
lxml (4.5.0-1) unstable; urgency=medium
* New upstream version.
* Bump standards version.
-- Matthias Klose <email address hidden> Tue, 18 Feb 2020 16:57:26 +0100
-
lxml (4.4.2-1build1) focal; urgency=medium
* No-change rebuild to drop python3.7.
-- Matthias Klose <email address hidden> Tue, 18 Feb 2020 10:44:09 +0100
-
lxml (4.4.2-1) unstable; urgency=medium
* New upstream version.
* python-lxml-dbg: Depend on python2-dbg instead of python-dbg.
* Bump standards version.
-- Matthias Klose <email address hidden> Thu, 09 Jan 2020 13:55:11 +0100
-
lxml (4.4.1-1build1) focal; urgency=medium
* No-change rebuild to build with python3.8.
-- Matthias Klose <email address hidden> Fri, 18 Oct 2019 18:32:44 +0000
-
lxml (4.4.1-1) unstable; urgency=medium
* New upstream version.
* Bump standards version.
-- Matthias Klose <email address hidden> Thu, 15 Aug 2019 19:27:20 +0200