- update to 4.6.5 (bsc#1193752, CVE-2021-43818):

* A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
    content through SVG images.
  * A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
    content through CSS imports and other crafted constructs.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-lxml?expand=0&rev=152

lxml-4.6.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:daf9bd1fee31f1c7a5928b3e1059e09a8d683ea58fb3ffc773b6c88cb8d1399c
-size 3177833

lxml-4.6.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6e84edecc3a82f90d44ddee2ee2a2630d4994b8471816e226d2b771cda7ac4ca
+size 3188254

python-lxml.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Jan  4 16:03:54 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 4.6.5 (bsc#1193752, CVE-2021-43818):
+  * A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
+    content through SVG images.
+  * A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
+    content through CSS imports and other crafted constructs.
+
 -------------------------------------------------------------------
 Wed Nov 24 21:23:34 UTC 2021 - Dirk Müller <dmueller@suse.com>
 

python-lxml.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-lxml
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-lxml
-Version:        4.6.4
+Version:        4.6.5
 Release:        0
 Summary:        Pythonic XML processing library
 License:        BSD-3-Clause AND GPL-2.0-or-later