Package: src:python-bleach
Version: 3.1.0-1
Severity: serious
Tags: security upstream

From the upstream change log:

**Security fixes**

* ``bleach.clean`` behavior parsing ``noscript`` tags did not match
  browser behavior.

  Calls to ``bleach.clean`` allowing ``noscript`` and one or more of
  the raw text tags (``title``, ``textarea``, ``script``, ``style``,
  ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable
  to a mutation XSS.

  This security issue was confirmed in Bleach versions v2.1.4, v3.0.2,
  and v3.1.0. Earlier versions are probably affected too.

  Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade.

  https://bugzilla.mozilla.org/show_bug.cgi?id=1615315

Note: The referenced bug is not currently publicly accessible.
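
Added example, not part of the original report and not Bleach's own code: a check of a ``bleach.clean`` tag allowlist against the condition described in the changelog entry above (``noscript`` allowed together with at least one raw text tag, on Bleach <=v3.1.0). The function names and the sample allowlists are assumptions made for illustration.

```python
import re

# Raw text tags named in the upstream changelog entry.
RAW_TEXT_TAGS = frozenset(
    {"title", "textarea", "script", "style", "noembed", "noframes", "iframe", "xmp"}
)
LAST_AFFECTED = (3, 1, 0)  # changelog: "Anyone using Bleach <=v3.1.0"


def parse_version(version):
    """Turn '3.1.0', 'v3.1.0' or a packaged '3.1.0-1' into (3, 1, 0)."""
    match = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad '3.1' to (3, 1, 0)
    return tuple(parts)


def risky_raw_text_tags(allowed_tags):
    """Return the raw text tags allowed alongside noscript, sorted."""
    tags = {t.lower() for t in allowed_tags}
    if "noscript" not in tags:
        return []
    return sorted(tags & RAW_TEXT_TAGS)


def assess(version, allowed_tags):
    """Classify one bleach.clean(tags=...) allowlist against the advisory."""
    risky = risky_raw_text_tags(allowed_tags)
    if not risky:
        return "not-affected: allowlist lacks noscript plus a raw text tag"
    if parse_version(version) <= LAST_AFFECTED:
        return "affected: noscript allowed with " + ", ".join(risky)
    return "review: risky allowlist on a version newer than v3.1.0"


if __name__ == "__main__":
    # Constructed sample allowlists, as they might be passed to bleach.clean(tags=...).
    samples = {
        "comments": ["a", "b", "em", "strong"],
        "cms-body": ["p", "noscript", "style", "iframe"],
    }
    for name, tags in samples.items():
        print(name, "->", assess("3.1.0-1", tags))
```

The comparison uses the upstream version number only; a distribution package may carry a backported fix under the same upstream version, so confirm against the package changelog.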
