UbuntuUpdates.org

Package "lxml"

Name: lxml

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • pythonic binding for the libxml2 and libxslt libraries
  • pythonic binding for the libxml2 and libxslt libraries (debug extension)
  • pythonic binding for the libxml2 and libxslt libraries (documentation)
  • pythonic binding for the libxml2 and libxslt libraries

Latest version: 3.5.0-1ubuntu0.4
Release: xenial (16.04)
Level: security
Repository: main

Links



Other versions of "lxml" in Xenial

Repository Area Version
base main 3.5.0-1build1
updates main 3.5.0-1ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.5.0-1ubuntu0.4 2021-03-30 18:06:21 UTC

  lxml (3.5.0-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect formaction attribute input sanitization
    - Add HTML-5 formaction attribute to defs.link_attrs in
      src/lxml/html/defs.py, src/lxml/html/tests/test_clean.py.
    - CVE-2021-28957

 -- Marc Deslauriers <email address hidden> Mon, 29 Mar 2021 12:05:53 -0400

Source diff to previous version
CVE-2021-28957 lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not d

Version: 3.5.0-1ubuntu0.3 2020-12-11 02:06:19 UTC

  lxml (3.5.0-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - This adds the missing part reported from upstream
      Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 09 Dec 2020 22:01:26 -0300

Source diff to previous version
CVE-2020-27783 A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behavi

Version: 3.5.0-1ubuntu0.2 2020-12-09 15:06:22 UTC

  lxml (3.5.0-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - Prevent combinations of <noscript> and <style> to sneak
      JS through the HTML cleaner in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.py.
    - CVE-2020-27783

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 08 Dec 2020 13:51:53 -0300

Source diff to previous version
CVE-2020-27783 A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behavi

Version: 3.5.0-1ubuntu0.1 2018-12-10 13:06:18 UTC

  lxml (3.5.0-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
    - Make the cleaner remove javascript URLs
      that use espacing in in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.txt.
    - CVE-2018-19787

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 07 Dec 2018 08:28:49 -0300

CVE-2018-19787 An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, al



About   -   Send Feedback to @ubuntu_updates