--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-96c79bf003
2022-01-15 01:20:35.214438
--------------------------------------------------------------------------------
Name : python-lxml
Product : Fedora 35
Version : 4.6.5
Release : 1.fc35
URL :
https://github.com/lxml/lxml
Summary : XML processing library combining libxml2/libxslt with the ElementTree API
Description :
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It
provides safe and convenient access to these libraries using the ElementTree It
extends the ElementTree API significantly to offer support for XPath, RelaxNG,
XML Schema, XSLT, C14N and much more.To contact the project, go to the project
home page < or see our bug tracker at case you want to use the current ...
--------------------------------------------------------------------------------
Update Information:
Rebase to upstream version 4.6.5 to fix security vulnerability that causes HTML
Cleaner to allow crafted and SVG embedded scripts to pass through
(CVE-2021-43818)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 6 2022 Charalampos Stratakis <cstratak(a)redhat.com> - 4.6.5-1
- Update to 4.6.5
- Fixes CVE-2021-43818
- Resolves: rhbz#2032572
* Fri Nov 26 2021 Miro Hron��ok <mhroncok(a)redhat.com> - 4.6.3-5
- Run the tests during build
- Resolves: rhbz#2026941
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2032572 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG
embedded scripts to pass through [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2032572
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-96c79bf003' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------