Source: lxml
Severity: important
Tags: security upstream fixed-upstream

Hi

It was found that the clean_html() function does not properly clean HTML input if it includes non-printed characters (\x01-\x08). For details see [1], [2] and [3].

[1] http://seclists.org/fulldisclosure/2014/Apr/210
[2] https://mailman-mail5.webfaction.com/pipermail/lxml/2014-April/007128.html
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1092613

Upstream has released a new version (3.3.5)[4] and the corresponding commit is at [5].

[4] http://lxml.de/3.3/changes-3.3.5.html
[5] https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc

Regards,
Salvatore