commit python-bleach for openSUSE:Factory

Tue, 20 Mar 2018 14:02:00 -0700 

Hello community,

here is the log from the commit of package python-bleach for openSUSE:Factory 
checked in at 2018-03-20 22:01:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-bleach (Old)
 and      /work/SRC/openSUSE:Factory/.python-bleach.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-bleach"

Tue Mar 20 22:01:11 2018 rev:4 rq:589030 version:2.1.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-bleach/python-bleach.changes      
2017-12-11 18:56:36.934239885 +0100
+++ /work/SRC/openSUSE:Factory/.python-bleach.new/python-bleach.changes 
2018-03-20 22:01:35.371026086 +0100
@@ -1,0 +2,10 @@
+Tue Mar 20 08:38:36 UTC 2018 - kbabi...@suse.com
+
+- Update to version 2.1.3:
+  * Attributes that have URI values weren't properly sanitized if the
+    values contained character entities. Using character entities, it
+    was possible to construct a URI value with a scheme that was not
+    allowed that would slide through unsanitized.
+    (CVE-2018-7753 bnc#1085969)
+
+-------------------------------------------------------------------

Old:
----
  bleach-2.1.2.tar.gz

New:
----
  bleach-2.1.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-bleach.spec ++++++
--- /var/tmp/diff_new_pack.g376Il/_old  2018-03-20 22:01:36.390989363 +0100
+++ /var/tmp/diff_new_pack.g376Il/_new  2018-03-20 22:01:36.394989219 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package python-bleach
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 # Copyright (c) 2015 LISA GmbH, Bingen, Germany.
 #
 # All modifications and additions to the file contributed by third parties
@@ -19,7 +19,7 @@
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-bleach
-Version:        2.1.2
+Version:        2.1.3
 Release:        0
 Summary:        An easy whitelist-based HTML-sanitizing tool
 License:        Apache-2.0

++++++ bleach-2.1.2.tar.gz -> bleach-2.1.3.tar.gz ++++++
++++ 1828 lines of diff (skipped)

Reply via email to