-
lxml (4.5.2-1ubuntu0.4) groovy-security; urgency=medium
* SECURITY UPDATE: incorrect formaction attribute input sanitization
- debian/patches/CVE-2021-28957.patch: add HTML-5 formaction attribute
to defs.link_attrs in src/lxml/html/defs.py,
src/lxml/html/tests/test_clean.py.
- CVE-2021-28957
-- Marc Deslauriers <email address hidden> Mon, 29 Mar 2021 12:01:32 -0400
-
lxml (4.5.2-1ubuntu0.3) groovy-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- debian/patches/CVE-2020-27783-part2*.patch:
This adds the missing part reported from upstream
Prevent combinations of <noscript> and <style> to sneak
JS through the HTML cleaner in src/lxml/html/clean.py,
src/lxml/html/tests/test_clean.py.
- CVE-2020-27783
* Adding --with-cython to debian/rules in order to it build compile the .py
files changed and regenerate the .c files to the binaries.
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 10 Dec 2020 12:55:54 -0300
-
lxml (4.5.2-1ubuntu0.1) groovy-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- Prevent combinations of <noscript> and <style> to sneak
JS through the HTML cleaner in src/lxml/html/clean.py,
src/lxml/html/tests/test_clean.py.
- CVE-2020-27783
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Dec 2020 13:56:06 -0300
-
lxml (4.5.2-1) unstable; urgency=medium
* New upstream version.
* Stop building python2 packages.
* Bump debhelper version.
-- Matthias Klose <email address hidden> Fri, 17 Jul 2020 11:05:52 +0200
-
lxml (4.5.0-1.2) unstable; urgency=medium
* Non-maintainer upload.
* Remove bogus breaks on python-lxml (Closes: #959687)
-- Paul Wise <email address hidden> Fri, 12 Jun 2020 07:38:26 +0800
-
lxml (4.5.0-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Drop python2 support; Closes: #936973
* Install documentation under python-lxml-doc
* python3-lxml takes over some file from python-lxml, so Breaks+Replaces it
-- Sandro Tosi <email address hidden> Mon, 13 Apr 2020 12:39:33 -0400
-
lxml (4.5.0-1) unstable; urgency=medium
* New upstream version.
* Bump standards version.
-- Matthias Klose <email address hidden> Tue, 18 Feb 2020 16:57:26 +0100