Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-lxml for openSUSE:Factory
checked in at 2021-04-08 21:02:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-lxml (Old)
and /work/SRC/openSUSE:Factory/.python-lxml.new.2401 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-lxml"
Thu Apr 8 21:02:05 2021 rev:83 rq:883115 version:4.6.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-lxml/python-lxml.changes 2021-02-01
13:28:23.630120854 +0100
+++ /work/SRC/openSUSE:Factory/.python-lxml.new.2401/python-lxml.changes
2021-04-08 21:02:25.521917476 +0200
@@ -1,0 +2,8 @@
+Tue Apr 6 01:51:29 UTC 2021 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 4.6.3:
+ * A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by
Kevin Chung,
+ which allowed JavaScript to pass through. The cleaner now removes the
HTML5
+ ``formaction`` attribute.
+
+-------------------------------------------------------------------
Old:
----
lxml-4.6.2.tar.gz
New:
----
lxml-4.6.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-lxml.spec ++++++
--- /var/tmp/diff_new_pack.Qb5Wot/_old 2021-04-08 21:02:26.133918137 +0200
+++ /var/tmp/diff_new_pack.Qb5Wot/_new 2021-04-08 21:02:26.133918137 +0200
@@ -18,7 +18,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-lxml
-Version: 4.6.2
+Version: 4.6.3
Release: 0
Summary: Pythonic XML processing library
License: BSD-3-Clause AND GPL-2.0-or-later
++++++ lxml-4.6.2.tar.gz -> lxml-4.6.3.tar.gz ++++++
++++ 12971 lines of diff (skipped)
