From c0fd0bd8c9bbbab311fe7886b503164d56350105990ccc180cc0ea8e608da476 Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Fri, 14 Oct 2022 03:23:53 +0000 Subject: [PATCH] Add missing bug and CVE references OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-lxml?expand=0&rev=165 --- python-lxml.changes | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python-lxml.changes b/python-lxml.changes index 6aba92a..84ec0fe 100644 --- a/python-lxml.changes +++ b/python-lxml.changes @@ -82,7 +82,7 @@ Tue Apr 6 01:51:29 UTC 2021 - Dirk Müller - update to 4.6.3: * A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung, which allowed JavaScript to pass through. The cleaner now removes the HTML5 - ``formaction`` attribute. + ``formaction`` attribute. (bsc#1184177) ------------------------------------------------------------------- Sun Jan 24 10:21:16 UTC 2021 - Dirk Müller @@ -90,7 +90,7 @@ Sun Jan 24 10:21:16 UTC 2021 - Dirk Müller - update to 4.6.2: * A vulnerability (CVE-2020-27783) was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky - "style" content. + "style" content. (bsc#1179534) * A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner now removes more sneaky "style" content. * GH#310: ``lxml.html.InputGetter`` supports ``__len__()`` to count the number of input fields. @@ -256,7 +256,7 @@ Fri Nov 16 18:54:26 UTC 2018 - Todd R - Update to 4.2.5 * Javascript URLs that used URL escaping were not removed by the HTML cleaner. - Security problem found by Omar Eissa. + Security problem found by Omar Eissa. (CVE-2018-19787, bsc#1118088) ------------------------------------------------------------------- Mon Sep 3 14:34:43 UTC 2018 - comurphy@suse.com