UbuntuUpdates.org

Package "lxml"

Name: lxml

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • pythonic binding for the libxml2 and libxslt libraries
  • pythonic binding for the libxml2 and libxslt libraries (debug extension)
  • pythonic binding for the libxml2 and libxslt libraries (documentation)
  • pythonic binding for the libxml2 and libxslt libraries
Latest version: 3.3.3-1ubuntu0.2
Release: trusty (14.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "lxml" in Trusty

Repository Area Version
base main 3.3.3-1
security main 3.3.3-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.3.3-1ubuntu0.2 2018-12-10 14:06:17 UTC

  lxml (3.3.3-1ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
    - Make the cleaner remove javascript URLs
      that use espacing in in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.txt.
    - CVE-2018-19787

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 06 Dec 2018 16:19:29 -0300
Source diff to previous version
CVE-2018-19787 An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, al

Version: 3.3.3-1ubuntu0.1 2014-05-21 18:06:58 UTC

  lxml (3.3.3-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: XSS via control characters
    - adjust filter in src/lxml/html/clean.py, add test to
      src/lxml/html/tests/test_clean.txt.
    - e86b294f1f81b899a59925123560ff924a72f1cc
    - CVE-2014-3146
 -- Marc Deslauriers <email address hidden> Fri, 16 May 2014 15:30:25 -0400
CVE-2014-3146 Incomplete blacklist vulnerability in the lxml.html.clean module in ...


About   -   Send Feedback to @ubuntu_updates