--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-827b677e15
2020-04-30 02:50:26.526679
--------------------------------------------------------------------------------
Name        : python-bleach
Product     : Fedora 30
Version     : 3.1.4
Release     : 2.fc30
URL         : https://github.com/mozilla/bleach
Summary     : An easy whitelist-based HTML-sanitizing tool
Description :
Bleach is an HTML sanitizing library that escapes or strips markup and
attributes based on a white list.
--------------------------------------------------------------------------------
Update Information:
Update to version 3.1.4, an upstream security release. See the
[upstream changelog](https://github.com/mozilla/bleach/blob/v3.1.4/CHANGES)
for details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Nils Philippsen nils@redhat.com - 3.1.4-2
- skip failing tests regardless of Python version
* Wed Apr 22 2020 Nils Philippsen nils@redhat.com - 3.1.4-1
- version 3.1.4
- use pythonhosted.org source URL as the tarballs match published hashes
- only skip failing tests and only on Python 3.9
- cope with html5lib prerelease on EL8
* Wed Feb 19 2020 Matthias Runge mrunge@redhat.com - 3.1.0-5
- skip tests for python 3.9
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 3.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 3 2019 Randy Barlow bowlofeggs@fedoraproject.org - 3.1.0-4
- Drop python2-bleach (#1746757).
* Fri Aug 16 2019 Miro Hrončok mhroncok@redhat.com - 3.1.0-3
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 3.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Mar 6 2019 Randy Barlow bowlofeggs@fedoraproject.org - 3.1.0-1
- Update to 3.1.0.
- https://github.com/mozilla/bleach/blob/v3.1.0/CHANGES
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815055 - python-bleach: Bleach: behavior parsing did not match browser behavior which could result in mutation XSS [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1815055
[ 2 ] Bug #1815062 - python-bleach: Bleach: Specific calls to function bleach.clean could result in mutation XSS [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1815062
[ 3 ] Bug #1820625 - CVE-2020-6817 python-bleach: behavior parsing style attributes could result in a regular expression denial of service (ReDoS) [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1820625
[ 4 ] Bug #1826275 - CVE-2020-6802 python-bleach: mutation XSS vulnerability [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1826275
[ 5 ] Bug #1826639 - python bleach fails to import in EPEL8
      https://bugzilla.redhat.com/show_bug.cgi?id=1826639
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-827b677e15' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------