This update for python-mistune to version 0.8.3 fixes several issues.
These security issues were fixed:
- CVE-2017-16876: Cross-site scripting (XSS) vulnerability in the _keyify
  function in mistune.py allowed remote attackers to inject arbitrary web script
  or HTML by leveraging failure to escape the "key" argument (bsc#1072307).
- CVE-2017-15612: Prevent XSS via an unexpected newline (such as in
  java\nscript:) or a crafted email address, related to the escape and autolink
  functions (bsc#1064640).
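
The newline issue described for CVE-2017-15612, shown as an added example that is not mistune's own code: a scheme check on the raw link text next to one that first removes the characters browsers ignore inside a URL scheme. The function names and the blocked-scheme list are assumptions made for illustration.

```python
import html
import re

# Schemes that must never reach an href (list chosen for this example).
BLOCKED_SCHEMES = ("javascript:", "vbscript:")

# ASCII whitespace and control characters. Browsers drop tab, CR and LF
# while parsing a URL, so "java\nscript:" is still treated as "javascript:".
IGNORED_CHARS = re.compile(r"[\x00-\x20\x7f]")


def naive_escape_link(url):
    """Scheme check on the raw string: an embedded newline defeats it."""
    if url.lower().startswith(BLOCKED_SCHEMES):
        return ""
    return html.escape(url, quote=True)


def hardened_escape_link(url):
    """Normalize the way a browser would, then check the scheme."""
    normalized = IGNORED_CHARS.sub("", url).lower()
    if normalized.startswith(BLOCKED_SCHEMES):
        return ""
    return html.escape(url, quote=True)


def render_email_autolink(address):
    """Escape the address in both the href and the visible text, so markup
    inside a crafted address is rendered as text rather than as HTML."""
    safe = html.escape(address, quote=True)
    return '<a href="mailto:%s">%s</a>' % (safe, safe)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = ["java\nscript:void(0)", "https://example.com/?a=1&b=2"]
    for sample in samples:
        print(repr(sample), "->",
              repr(naive_escape_link(sample)),
              repr(hardened_escape_link(sample)))
```
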
These non-security issues were fixed:
- Fix nested html issue
- Fix _keyify with lower case
- Remove non breaking spaces preprocessing
- Remove rev and rel attribute for footnotes
- Fix escape_link method
- Handle block HTML with no content
- Use expandtabs for tab
- Fix escape option for text renderer
- Fix HTML attribute regex pattern
- Fix strikethrough regex
- Fix HTML attribute regex
- Fix close tag regex
- Fix hard_wrap options on renderer
- Fix emphasis regex pattern
- Fix base64 image link
- Fix link security per
- Fix inline html when there is no content per
Submitted by Tomáš Chvátal (scarabeus_iv)