File _patchinfo of Package patchinfo.23090
<patchinfo incident="23090">
<issue tracker="bnc" id="1118088">VUL-1: CVE-2018-19787: python-lxml: lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks</issue>
<issue tracker="bnc" id="1193752">VUL-0: CVE-2021-43818: python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through</issue>
<issue tracker="bnc" id="1179534">VUL-0: CVE-2020-27783: python3-lxml,python-lxml: mXSS due to the use of improper parser</issue>
<issue tracker="cve" id="2021-43818"/>
<issue tracker="cve" id="2020-27783"/>
<issue tracker="cve" id="2018-19787"/>
<issue tracker="bnc" id="1184177">VUL-0: CVE-2021-28957: python-lxml,python3-lxml: missing input sanitization for formaction HTML5 attributes may lead to XSS</issue>
<issue tracker="cve" id="2021-28957"/>
<packager>thomas-schraitle</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for python-lxml</summary>
<description>This update for python-lxml fixes the following issues:
- CVE-2021-43818: Removed SVG image data URLs since they can embed script content (bsc#1193752).
- CVE-2021-28957: Fixed a potential XSS due to improper input sanitization (bsc#1184177).
- CVE-2020-27783: Fixed a potential XSS due to improper HTML parsing (bsc#1179534).
- CVE-2018-19787: Fixed a potential XSS due to improper input sanitization (bsc#1118088).
</description>
</patchinfo>