UbuntuUpdates.org

Package "lxml"

Name: lxml

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • pythonic binding for the libxml2 and libxslt libraries
  • pythonic binding for the libxml2 and libxslt libraries (debug extension)
  • pythonic binding for the libxml2 and libxslt libraries (documentation)
  • pythonic binding for the libxml2 and libxslt libraries

Latest version: 2.3.2-1ubuntu0.5
Release: precise (12.04)
Level: security
Repository: main

Links



Other versions of "lxml" in Precise

Repository Area Version
base main 2.3.2-1
updates main 2.3.2-1ubuntu0.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.3.2-1ubuntu0.5 2021-05-03 14:07:21 UTC

  lxml (2.3.2-1ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - This adds the missing part reported from upstream
      Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 10 Dec 2020 09:24:15 -0300

Source diff to previous version
CVE-2020-27783 A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behavi

Version: 2.3.2-1ubuntu0.2 2014-05-21 17:07:12 UTC

  lxml (2.3.2-1ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: XSS via control characters
    - adjust filter in src/lxml/html/clean.py, add test to
      src/lxml/html/tests/test_clean.txt.
    - e86b294f1f81b899a59925123560ff924a72f1cc
    - CVE-2014-3146
 -- Marc Deslauriers <email address hidden> Tue, 20 May 2014 09:27:34 -0400

CVE-2014-3146 Incomplete blacklist vulnerability in the lxml.html.clean module in ...



About   -   Send Feedback to @ubuntu_updates