UbuntuUpdates.org

Package "python-lxml"

Name: python-lxml

Description:

pythonic binding for the libxml2 and libxslt libraries
Latest version: 3.3.3-1ubuntu0.2
Release: trusty (14.04)
Level: updates
Repository: main
Head package: lxml
Homepage: http://lxml.de/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python-lxml"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "python-lxml" in Trusty

Repository Area Version
base main 3.3.3-1
security main 3.3.3-1ubuntu0.2

Changelog

Version: 3.3.3-1ubuntu0.2 2018-12-10 14:06:17 UTC

  lxml (3.3.3-1ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: XSS attacks
    - Make the cleaner remove javascript URLs
      that use espacing in in src/lxml/html/clean.py,
      src/lxml/html/tests/test_clean.txt.
    - CVE-2018-19787

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 06 Dec 2018 16:19:29 -0300
Source diff to previous version
CVE-2018-19787 An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, al

Version: 3.3.3-1ubuntu0.1 2014-05-21 18:06:58 UTC

  lxml (3.3.3-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: XSS via control characters
    - adjust filter in src/lxml/html/clean.py, add test to
      src/lxml/html/tests/test_clean.txt.
    - e86b294f1f81b899a59925123560ff924a72f1cc
    - CVE-2014-3146
 -- Marc Deslauriers <email address hidden> Fri, 16 May 2014 15:30:25 -0400
CVE-2014-3146 Incomplete blacklist vulnerability in the lxml.html.clean module in ...


About   -   Send Feedback to @ubuntu_updates