File _patchinfo of Package patchinfo.7726
<patchinfo incident="7726">
<issue id="1072307" tracker="bnc">VUL-0: CVE-2017-16876: python-mistune: Cross-site-scripting</issue>
<issue id="1064640" tracker="bnc">VUL-0: CVE-2017-15612: python-mistune: XSS via an unexpected newline / crafted email address</issue>
<issue id="2017-15612" tracker="cve" />
<issue id="2017-16876" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>scarabeus_iv</packager>
<description>This update for python-mistune to version 0.8.3 fixes several issues.
These security issues were fixed:
- CVE-2017-16876: Cross-site scripting (XSS) vulnerability in the _keyify
function in mistune.py allowed remote attackers to inject arbitrary web script
or HTML by leveraging failure to escape the "key" argument (bsc#1072307).
- CVE-2017-15612: Prevent XSS via an unexpected newline (such as in
java\nscript:) or a crafted email address, related to the escape and autolink
functions (bsc#1064640).
These non-security issues were fixed:
- Fix nested HTML issue
- Fix _keyify with lower case
- Remove non-breaking spaces preprocessing
- Remove rev and rel attributes for footnotes
- Fix escape_link method
- Handle block HTML with no content
- Use expandtabs for tab
- Fix escape option for text renderer
- Fix HTML attribute regex pattern
- Fix strikethrough regex
- Fix HTML attribute regex
- Fix close tag regex
- Fix hard_wrap options on renderer
- Fix emphasis regex pattern
- Fix base64 image link
- Fix link security per
- Fix inline html when there is no content per
</description>
<summary>Security update for python-mistune</summary>
</patchinfo>