-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-0e055ea503 2021-01-14 01:37:01.292521 --------------------------------------------------------------------------------
Name : python-lxml Product : Fedora 33 Version : 4.5.1 Release : 3.fc33 URL : https://github.com/lxml/lxml Summary : XML processing library combining libxml2/libxslt with the ElementTree API Description : lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, go to the project home page < or see our bug tracker at case you want to use the current ...
-------------------------------------------------------------------------------- Update Information:
This update fixes mXSS security vulnerability due to the use of improper parser (CVE-2020-27783) -------------------------------------------------------------------------------- ChangeLog:
* Fri Dec 18 2020 Mikolaj Izdebski mizdebsk@redhat.com - 4.5.1-3 - Fix mXSS vulnerability due to the use of improper parser - Resolves: CVE-2020-27783 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1901633 - CVE-2020-27783 python-lxml: mXSS due to the use of improper parser https://bugzilla.redhat.com/show_bug.cgi?id=1901633 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-0e055ea503' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------