Add missing bug and CVE references

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-lxml?expand=0&rev=165
2022-10-14 03:23:53 +00:00 · 2022-10-14 03:23:53 +00:00 · c0fd0bd8c9
commit c0fd0bd8c9
parent 4e3fa68d67
1 changed files with 3 additions and 3 deletions
--- a/python-lxml.changes
+++ b/python-lxml.changes
@ -82,7 +82,7 @@ Tue Apr  6 01:51:29 UTC 2021 - Dirk Müller <dmueller@suse.com>
 - update to 4.6.3:
  * A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung,
    which allowed JavaScript to pass through.  The cleaner now removes the HTML5
-    ``formaction`` attribute.
+    ``formaction`` attribute. (bsc#1184177)
 -------------------------------------------------------------------
 Sun Jan 24 10:21:16 UTC 2021 - Dirk Müller <dmueller@suse.com>
@ -90,7 +90,7 @@ Sun Jan 24 10:21:16 UTC 2021 - Dirk Müller <dmueller@suse.com>
 - update to 4.6.2:
 * A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry,
  which allowed JavaScript to pass through.  The cleaner now removes more sneaky
-  "style" content.
+  "style" content. (bsc#1179534)
 * A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed
  JavaScript to pass through.  The cleaner now removes more sneaky "style" content.
 * GH#310: ``lxml.html.InputGetter`` supports ``__len__()`` to count the number of input fields.
@ -256,7 +256,7 @@ Fri Nov 16 18:54:26 UTC 2018 - Todd R <toddrme2178@gmail.com>
 - Update to 4.2.5
  * Javascript URLs that used URL escaping were not removed by the HTML cleaner.
-    Security problem found by Omar Eissa.
+    Security problem found by Omar Eissa. (CVE-2018-19787, bsc#1118088)
 -------------------------------------------------------------------
 Mon Sep  3 14:34:43 UTC 2018 - comurphy@suse.com