[ubuntu/jammy-proposed] lxml 4.6.4-1ubuntu1 (Accepted)

Leonidas Da Silva Barbosa leo.barbosa at canonical.com
Wed Jan 5 16:29:12 UTC 2022


lxml (4.6.4-1ubuntu1) jammy; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2021-43818-*.patch: prevent "@import"
      from re-occurring in the CSS after replacements and remove
      SVG image data URLs since they can embed script content in
      src/lxml/html/clean.py, src/html/tests/test_clean.py.
    - CVE-2021-43818

Date: Tue, 04 Jan 2022 09:12:00 -0300
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/lxml/4.6.4-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 04 Jan 2022 09:12:00 -0300
Source: lxml
Built-For-Profiles: noudeb
Architecture: source
Version: 4.6.4-1ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Changes:
 lxml (4.6.4-1ubuntu1) jammy; urgency=medium
 .
   * SECURITY UPDATE: XSS vulnerability
     - debian/patches/CVE-2021-43818-*.patch: prevent "@import"
       from re-occurring in the CSS after replacements and remove
       SVG image data URLs since they can embed script content in
       src/lxml/html/clean.py, src/html/tests/test_clean.py.
     - CVE-2021-43818
Original-Maintainer: Matthias Klose <doko at debian.org>

