Accepting request 589012 from home:kbabioch:branches:devel:languages:python

- Update to version 2.1.3: * Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized. (CVE-2018-7753 bnc#1085969) OBS-URL: https://build.opensuse.org/request/show/589012 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=18
2018-03-20 09:37:42 +00:00 · 2018-03-20 09:37:42 +00:00 · c2eee5a36f
commit c2eee5a36f
parent b910cc8b93
4 changed files with 15 additions and 5 deletions
--- a/bleach-2.1.2.tar.gz
+++ b/bleach-2.1.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:38fc8cbebea4e787d8db55d6f324820c7f74362b70db9142c1ac7920452d1a19
-size 58954
--- a/bleach-2.1.3.tar.gz
+++ b/bleach-2.1.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eb7386f632349d10d9ce9d4a838b134d4731571851149f9cc2c05a9a837a9a44
+size 60141
--- a/python-bleach.changes
+++ b/python-bleach.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Mar 20 08:38:36 UTC 2018 - kbabioch@suse.com
+
+- Update to version 2.1.3:
+  * Attributes that have URI values weren't properly sanitized if the
+    values contained character entities. Using character entities, it
+    was possible to construct a URI value with a scheme that was not
+    allowed that would slide through unsanitized.
+    (CVE-2018-7753 bnc#1085969)
+
 -------------------------------------------------------------------
 Thu Dec  7 16:50:14 UTC 2017 - arun@gmx.de

--- a/python-bleach.spec
+++ b/python-bleach.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-bleach
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2015 LISA GmbH, Bingen, Germany.
 #
 # All modifications and additions to the file contributed by third parties
@ -19,7 +19,7 @@

 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-bleach
-Version:        2.1.2
+Version:        2.1.3
 Release:        0
 Summary:        An easy whitelist-based HTML-sanitizing tool
 License:        Apache-2.0