[ubuntu/jammy-proposed] lxml 4.6.4-1ubuntu1 (Accepted)
Leonidas Da Silva Barbosa
leo.barbosa at canonical.com
Wed Jan 5 16:29:12 UTC 2022
lxml (4.6.4-1ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- debian/patches/CVE-2021-43818-*.patch: prevent "@import"
from re-occurring in the CSS after replacements and remove
SVG image data URLs since they can embed script content in
src/lxml/html/clean.py, src/html/tests/test_clean.py.
- CVE-2021-43818
Date: Tue, 04 Jan 2022 09:12:00 -0300
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/lxml/4.6.4-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 04 Jan 2022 09:12:00 -0300
Source: lxml
Built-For-Profiles: noudeb
Architecture: source
Version: 4.6.4-1ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Changes:
lxml (4.6.4-1ubuntu1) jammy; urgency=medium
.
* SECURITY UPDATE: XSS vulnerability
- debian/patches/CVE-2021-43818-*.patch: prevent "@import"
from re-occurring in the CSS after replacements and remove
SVG image data URLs since they can embed script content in
src/lxml/html/clean.py, src/html/tests/test_clean.py.
- CVE-2021-43818
Checksums-Sha1:
0bc67ed8b91260f39459a2e47a5447f0e1a7f9e4 2020 lxml_4.6.4-1ubuntu1.dsc
f71bbe465c8106f2eca39b56f3d59c4c2cc6ecaa 10012 lxml_4.6.4-1ubuntu1.debian.tar.xz
f5d0dcc7d89bd3cfcd9589af7f893010215e6ff5 9006 lxml_4.6.4-1ubuntu1_source.buildinfo
Checksums-Sha256:
27282ead7c1ca5b12e50d69c0a93033648209679a587414ed6cd702a61d461b5 2020 lxml_4.6.4-1ubuntu1.dsc
3001485b903048b3350c02cb10c2af688b5e3b4949e4911d4d5664f4fa7345fe 10012 lxml_4.6.4-1ubuntu1.debian.tar.xz
b151439236d5a6b9fe2c1d7204ba9f367fcccfcb705368c93d387d25621ee251 9006 lxml_4.6.4-1ubuntu1_source.buildinfo
Files:
8372e114ec18be3611ef50b39123c8d0 2020 python optional lxml_4.6.4-1ubuntu1.dsc
931fd7f444021c0f3bfa83b333dae561 10012 python optional lxml_4.6.4-1ubuntu1.debian.tar.xz
81576999baf9b9a736a2efed193b4b91 9006 python optional lxml_4.6.4-1ubuntu1_source.buildinfo
Original-Maintainer: Matthias Klose <doko at debian.org>
More information about the jammy-changes
mailing list