Package: src:python-bleach
Version: 2.1.2-1
Severity: important
Tags: upstream, security

Version 2.1.3 (March 5th, 2018)

**Security fixes**

* Attributes that have URI values weren't properly sanitized if the
  values contained character entities. Using character entities, it
  was possible to construct a URI value with a scheme that was not
  allowed that would slide through unsanitized.

  This security issue was introduced in Bleach 2.1. Anyone using
Bleach 2.1 is highly encouraged to upgrade.

Reply via email to