Ubuntu
lxml package

Change logs for lxml source package in Groovy

  1. Groovy (20.10)
  2. Change log 
  • lxml (4.5.2-1ubuntu0.4) groovy-security; urgency=medium

  * SECURITY UPDATE: incorrect formaction attribute input sanitization
    - debian/patches/CVE-2021-28957.patch: add HTML-5 formaction attribute
      to defs.link_attrs in src/lxml/html/defs.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2021-28957

 -- Marc Deslauriers <email address hidden>  Mon, 29 Mar 2021 12:01:32 -0400
  • lxml (4.5.2-1ubuntu0.3) groovy-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2020-27783-part2*.patch:
      This adds the missing part reported from upstream
      Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783
  * Adding --with-cython to debian/rules in order to it build compile the .py
    files changed and regenerate the .c files to the binaries.

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 10 Dec 2020 12:55:54 -0300
  • lxml (4.5.2-1ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783

 -- Leonidas Da Silva Barbosa <email address hidden>  Tue, 08 Dec 2020 13:56:06 -0300
  • lxml (4.5.2-1) unstable; urgency=medium

  * New upstream version.
  * Stop building python2 packages.
  * Bump debhelper version.

 -- Matthias Klose <email address hidden>  Fri, 17 Jul 2020 11:05:52 +0200
  • lxml (4.5.0-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Remove bogus breaks on python-lxml (Closes: #959687)

 -- Paul Wise <email address hidden>  Fri, 12 Jun 2020 07:38:26 +0800
  • lxml (4.5.0-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Drop python2 support; Closes: #936973
  * Install documentation under python-lxml-doc
  * python3-lxml takes over some file from python-lxml, so Breaks+Replaces it

 -- Sandro Tosi <email address hidden>  Mon, 13 Apr 2020 12:39:33 -0400
  • lxml (4.5.0-1) unstable; urgency=medium

  * New upstream version.
  * Bump standards version.

 -- Matthias Klose <email address hidden>  Tue, 18 Feb 2020 16:57:26 +0100