-
lxml (3.5.0-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect formaction attribute input sanitization
- Add HTML-5 formaction attribute to defs.link_attrs in
src/lxml/html/defs.py, src/lxml/html/tests/test_clean.py.
- CVE-2021-28957
-- Marc Deslauriers <email address hidden> Mon, 29 Mar 2021 12:05:53 -0400
-
lxml (3.5.0-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- This adds the missing part reported from upstream
Prevent combinations of <noscript> and <style> to sneak
JS through the HTML cleaner in src/lxml/html/clean.py,
src/lxml/html/tests/test_clean.py.
- CVE-2020-27783
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 09 Dec 2020 22:01:26 -0300
-
lxml (3.5.0-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- Prevent combinations of <noscript> and <style> to sneak
JS through the HTML cleaner in src/lxml/html/clean.py,
src/lxml/html/tests/test_clean.py.
- CVE-2020-27783
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Dec 2020 13:51:53 -0300
-
lxml (3.5.0-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: XSS attacks
- Make the cleaner remove javascript URLs
that use espacing in in src/lxml/html/clean.py,
src/lxml/html/tests/test_clean.txt.
- CVE-2018-19787
-- <email address hidden> (Leonidas S. Barbosa) Fri, 07 Dec 2018 08:28:49 -0300
-
lxml (3.5.0-1build1) xenial; urgency=medium
* No-change rebuild to drop python3.4 support.
-- Matthias Klose <email address hidden> Tue, 19 Jan 2016 11:45:55 +0000
-
lxml (3.5.0-1) unstable; urgency=medium
* New upstream version 3.5.0.
-- Matthias Klose <email address hidden> Fri, 04 Dec 2015 13:03:31 +0100
-
lxml (3.4.4-1) unstable; urgency=medium
* New upstream version 3.4.4.
-- Matthias Klose <email address hidden> Mon, 03 Aug 2015 14:13:30 +0200