python/python-bleach
SHA256
14
0
Fork 0
forked from pool/python-bleach
Code Pull Requests Activity

Accepting request 589012 from home:kbabioch:branches:devel:languages:python

Browse Source 
- Update to version 2.1.3:
  * Attributes that have URI values weren't properly sanitized if the
    values contained character entities. Using character entities, it
    was possible to construct a URI value with a scheme that was not
    allowed that would slide through unsanitized.
    (CVE-2018-7753 bnc#1085969)

OBS-URL: https://build.opensuse.org/request/show/589012
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-bleach?expand=0&rev=18
This commit is contained in:
Tomáš Chvátal
2018-03-20 09:37:42 +00:00
committed by Git OBS Bridge
parent b910cc8b93
commit c2eee5a36f
4 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
python-bleach.changes
View File

@@ -1,3 +1,13 @@
-------------------------------------------------------------------
Tue Mar 20 08:38:36 UTC 2018 - kbabioch@suse.com
- Update to version 2.1.3:
* Attributes that have URI values weren't properly sanitized if the
values contained character entities. Using character entities, it
was possible to construct a URI value with a scheme that was not
allowed that would slide through unsanitized.
(CVE-2018-7753 bnc#1085969)
-------------------------------------------------------------------
Thu Dec 7 16:50:14 UTC 2017 - arun@gmx.de