File _patchinfo of Package patchinfo.22700
<patchinfo incident="22700">
<issue tracker="bnc" id="1118088">VUL-1: CVE-2018-19787: python-lxml: lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks</issue>
<issue tracker="bnc" id="1184177">VUL-0: CVE-2021-28957: python-lxml,python3-lxml: missing input sanitization for formaction HTML5 attributes may lead to XSS</issue>
<issue tracker="bnc" id="1179534">VUL-0: CVE-2020-27783: python3-lxml,python-lxml: mXSS due to the use of improper parser</issue>
<issue tracker="bnc" id="1193752">VUL-0: CVE-2021-43818: python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through</issue>
<issue tracker="cve" id="2021-43818"/>
<issue tracker="cve" id="2021-28957"/>
<issue tracker="cve" id="2018-19787"/>
<issue tracker="cve" id="2020-27783"/>
<packager>thomas-schraitle</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for python-lxml</summary>
<description>This update for python-lxml fixes the following issues:
- CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088).
- CVE-2021-28957: Fixed XSS vulnerability via unescaped HTML5 attributes (bsc#1184177).
- CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752).
- CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534).
</description>
</patchinfo>