-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-7129fbaeed 2022-01-23 01:05:12.958702 --------------------------------------------------------------------------------
Name : python-lxml Product : Fedora 34 Version : 4.6.5 Release : 1.fc34 URL : https://github.com/lxml/lxml Summary : XML processing library combining libxml2/libxslt with the ElementTree API Description : lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, go to the project home page < or see our bug tracker at case you want to use the current ...
-------------------------------------------------------------------------------- Update Information:
Rebase to upstream version 4.6.5 to fix security vulnerability that causes HTML Cleaner to allow crafted and SVG embedded scripts to pass through (CVE-2021-43818) -------------------------------------------------------------------------------- ChangeLog:
* Thu Jan 6 2022 Charalampos Stratakis cstratak@redhat.com - 4.6.5-1 - Update to 4.6.5 - Fixes CVE-2021-43818 - Resolves: rhbz#2032572 * Fri Nov 26 2021 Miro Hron��ok mhroncok@redhat.com - 4.6.3-3 - Run the tests during build - Resolves: rhbz#2026941 * Thu Jun 3 2021 Charalampos Stratakis cstratak@redhat.com - 4.6.3-2 - Update the license information -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2032572 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2032572 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-7129fbaeed' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------