Change logs for lxml source package in Focal

  • lxml (4.5.0-1ubuntu0.5) focal-security; urgency=medium
    
      * SECURITY UPDATE: XSS vulnerability
        - debian/patches/CVE-2021-43818-*.patch: prevent "@import"
          from re-occurring in the CSS after replacements and remove
          SVG image data URLs since they can embed script content in
          src/lxml/html/clean.py, src/html/tests/test_clean.py.
        - CVE-2021-43818
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 04 Jan 2022 09:33:10 -0300
  • lxml (4.5.0-1ubuntu0.3) focal-security; urgency=medium
    
      * SECURITY UPDATE: incorrect formaction attribute input sanitization
        - debian/patches/CVE-2021-28957.patch: add HTML-5 formaction attribute
          to defs.link_attrs in src/lxml/html/defs.py,
          src/lxml/html/tests/test_clean.py.
        - CVE-2021-28957
    
     -- Marc Deslauriers <email address hidden>  Mon, 29 Mar 2021 12:04:02 -0400
  • lxml (4.5.0-1ubuntu0.2) focal-security; urgency=medium
    
      * SECURITY UPDATE: XSS vulnerability
        - debian/patches/CVE-2020-27783-part2*.patch:
          This adds the missing part reported from upstream.
          Prevent combinations of <noscript> and <style> from sneaking
          JS through the HTML cleaner in src/lxml/html/clean.py,
          src/lxml/html/tests/test_clean.py.
        - CVE-2020-27783
      * Adding --with-cython to debian/rules so that the build compiles the
        changed .py files and regenerates the .c files for the binaries.
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 09 Dec 2020 21:56:41 -0300
  • lxml (4.5.0-1ubuntu0.1) focal-security; urgency=medium
    
      * SECURITY UPDATE: XSS vulnerability
        - Prevent combinations of <noscript> and <style> from sneaking
          JS through the HTML cleaner in src/lxml/html/clean.py,
          src/lxml/html/tests/test_clean.py.
        - CVE-2020-27783
    
     -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 08 Dec 2020 13:54:35 -0300
  • lxml (4.5.0-1) unstable; urgency=medium
    
      * New upstream version.
      * Bump standards version.
    
     -- Matthias Klose <email address hidden>  Tue, 18 Feb 2020 16:57:26 +0100
  • lxml (4.4.2-1build1) focal; urgency=medium
    
      * No-change rebuild to drop python3.7.
    
     -- Matthias Klose <email address hidden>  Tue, 18 Feb 2020 10:44:09 +0100
  • lxml (4.4.2-1) unstable; urgency=medium
    
      * New upstream version.
      * python-lxml-dbg: Depend on python2-dbg instead of python-dbg.
      * Bump standards version.
    
     -- Matthias Klose <email address hidden>  Thu, 09 Jan 2020 13:55:11 +0100
  • lxml (4.4.1-1build1) focal; urgency=medium
    
      * No-change rebuild to build with python3.8.
    
     -- Matthias Klose <email address hidden>  Fri, 18 Oct 2019 18:32:44 +0000
  • lxml (4.4.1-1) unstable; urgency=medium
    
      * New upstream version.
      * Bump standards version.
    
     -- Matthias Klose <email address hidden>  Thu, 15 Aug 2019 19:27:20 +0200