Hello community,

here is the log from the commit of package python-bleach for openSUSE:Factory checked in at 2018-03-20 22:01:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
 and /work/SRC/openSUSE:Factory/.python-bleach.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-bleach" Tue Mar 20 22:01:11 2018 rev:4 rq:589030 version:2.1.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes 2017-12-11 18:56:36.934239885 +0100 +++ /work/SRC/openSUSE:Factory/.python-bleach.new/python-bleach.changes 2018-03-20 22:01:35.371026086 +0100 @@ -1,0 +2,10 @@ +Tue Mar 20 08:38:36 UTC 2018 - kbabi...@suse.com + +- Update to version 2.1.3: + * Attributes that have URI values weren't properly sanitized if the + values contained character entities. Using character entities, it + was possible to construct a URI value with a scheme that was not + allowed that would slide through unsanitized. + (CVE-2018-7753 bnc#1085969) + +------------------------------------------------------------------- Old: ---- bleach-2.1.2.tar.gz New: ---- bleach-2.1.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-bleach.spec ++++++ --- /var/tmp/diff_new_pack.g376Il/_old 2018-03-20 22:01:36.390989363 +0100 +++ /var/tmp/diff_new_pack.g376Il/_new 2018-03-20 22:01:36.394989219 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-bleach # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2015 LISA GmbH, Bingen, Germany. # # All modifications and additions to the file contributed by third parties @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-bleach -Version: 2.1.2 +Version: 2.1.3 Release: 0 Summary: An easy whitelist-based HTML-sanitizing tool License: Apache-2.0 ++++++ bleach-2.1.2.tar.gz -> bleach-2.1.3.tar.gz ++++++ ++++ 1828 lines of diff (skipped)
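Review bot: the python-bleach.changes entry lists only the CVE-2018-7753 fix under "Update to version 2.1.3", while the tarball diff is skipped at 1828 lines, so a reader of this log cannot tell whether the update carries anything beyond the URI-scheme sanitizing fix. If 2.1.3 contains other upstream changes, list them as further "*" items; if it does not, saying so in the entry would make clear that this is a security-only update.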
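Review bot: nothing in the python-bleach.spec hunks exercises the CVE-2018-7753 fix at build time; apart from the copyright year, the only change is Version 2.1.2 to 2.1.3. If the spec has no %check section outside the visible context, running upstream's test suite there would confirm that the packaged code rejects URI values whose scheme is built from character entities.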