- update to 4.6.3:

* A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 ``formaction`` attribute. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-lxml?expand=0&rev=145
2021-04-06 01:54:45 +00:00 · 2021-04-06 01:54:45 +00:00 · 34c29f33db
commit 34c29f33db
parent fa2fc0c2a7
4 changed files with 12 additions and 4 deletions
--- a/lxml-4.6.2.tar.gz
+++ b/lxml-4.6.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cd11c7e8d21af997ee8079037fff88f16fda188a9776eb4b81c7e4c9c0a7d7fc
-size 3177310
--- a/lxml-4.6.3.tar.gz
+++ b/lxml-4.6.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:39b78571b3b30645ac77b95f7c69d1bffc4cf8c3b157c435a34da72e78c82468
+size 3191113
--- a/python-lxml.changes
+++ b/python-lxml.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Apr  6 01:51:29 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 4.6.3:
+  * A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung,
+    which allowed JavaScript to pass through.  The cleaner now removes the HTML5
+    ``formaction`` attribute.
+
 -------------------------------------------------------------------
 Sun Jan 24 10:21:16 UTC 2021 - Dirk Müller <dmueller@suse.com>

--- a/python-lxml.spec
+++ b/python-lxml.spec
@ -18,7 +18,7 @@

 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-lxml
-Version:        4.6.2
+Version:        4.6.3
 Release:        0
 Summary:        Pythonic XML processing library
 License:        BSD-3-Clause AND GPL-2.0-or-later