Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-lxml for openSUSE:Factory checked in at 2026-06-29 17:29:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-lxml (Old) and /work/SRC/openSUSE:Factory/.python-lxml.new.11887 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-lxml" Mon Jun 29 17:29:39 2026 rev:118 rq:1362151 version:6.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-lxml/python-lxml.changes 2026-04-21 12:42:24.156399524 +0200 +++ /work/SRC/openSUSE:Factory/.python-lxml.new.11887/python-lxml.changes 2026-06-29 17:30:07.689548738 +0200 @@ -1,0 +2,15 @@ +Sun Jun 28 10:56:42 UTC 2026 - Dirk Müller <[email protected]> + +- update to 6.1.1 (bsc#, CVE-2026-49825): + * The known link attributes in ``lxml.html.defs.link_attrs`` + were missing ``xlink:href``, which can be used for URL bypass + attacks in embedded SVG/MathML/etc. content. + * https://github.com/fedora- + python/lxml_html_clean/security/advisories/GHSA-4jhm- + jv67-739f + * The Linux wheels use a patched libxslt 1.1.43, fixing + CVE-2025-7424 and CVE-2025-11731. + * The Windows wheels use libxslt 1.1.45, fixing CVE-2025-7424 + and CVE-2025-11731. + +------------------------------------------------------------------- Old: ---- lxml-6.1.0.tar.gz New: ---- lxml-6.1.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-lxml.spec ++++++ --- /var/tmp/diff_new_pack.SZD3aV/_old 2026-06-29 17:30:08.661582250 +0200 +++ /var/tmp/diff_new_pack.SZD3aV/_new 2026-06-29 17:30:08.665582388 +0200 @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-lxml -Version: 6.1.0 +Version: 6.1.1 Release: 0 Summary: Pythonic XML processing library License: BSD-3-Clause AND GPL-2.0-or-later ++++++ lxml-6.1.0.tar.gz -> lxml-6.1.1.tar.gz ++++++ ++++ 9762 lines of diff (skipped)
