FEDORA-2018-994424b810 — security update for python-bleach

stable

python-bleach-2.1.3-1.fc28

FEDORA-2018-994424b810 created by ignatenkobrain 7 years ago for Fedora 28

Version 2.1.3 (March 5th, 2018)

Security fixes

Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

This security issue was introduced in Bleach 2.1. Anyone using Bleach 2.1 is highly encouraged to upgrade.

Backwards incompatible changes

None

Features

None

Bug fixes

Fixed some other edge cases for attribute URI value sanitizing and improved testing of this code.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-994424b810

This update has been submitted for testing by ignatenkobrain.

7 years ago

ignatenkobrain edited this update.

7 years ago

This update has been pushed to testing.

7 years ago

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This update has been submitted for batched by ignatenkobrain.

7 years ago

This update has been submitted for stable by ignatenkobrain.

7 years ago

bowlofeggs edited this update.

7 years ago

This update has been pushed to stable.

7 years ago

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

passed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

disabled

Dates

submitted

7 years ago

in testing

7 years ago

in stable

7 years ago

modified

7 years ago

Builds

python-bleach-2.1.3-1.fc28

BZ#1551804 python-bleach-2.1.3 is available

BZ#1558268 CVE-2018-7753 python-bleach: URI Scheme Restriction Bypass with character entities [fedora-26]

python-bleach-2.1.3-1.fc28

Automated Test Results

passed