Overview
Request 790090 revoked
- update to 3.1.3 (bsc#1167379):
  * Add relative link to code of conduct. (#442)
  * Drop deprecated 'setup.py test' support. (#507)
  * Fix typo: curren -> current in tests/test_clean.py (#504)
  * Test on PyPy 7
  * Drop test support for end of life Python 3.4
  * ``bleach.clean`` behavior parsing embedded MathML and SVG content
    with RCDATA tags did not match browser behavior and could result in
    a mutation XSS.
    Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
    ``svg`` tags and one or more of the RCDATA tags ``script``,
    ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
    ``xmp`` in the allowed tags whitelist were vulnerable to a mutation
    XSS.
    This security issue was confirmed in Bleach version v3.1.1. Earlier
    versions are likely affected too.
  * CVE-2020-6802: Fixed mutation XSS vulnerabilities (bsc#1165303).
- Switch off test_uri_value_allowed_protocols test to work around
  gh#mozilla/bleach#503.
- Created by dirkmueller
- In state revoked
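
The condition described in the changelog entry above can be checked for in a code base. The following is an added example, not part of the request or of Bleach itself: it statically scans Python source for `bleach.clean` calls whose allowed tags and `strip` setting match that condition. The function names and the sample source are constructed for illustration, and only the literal `bleach.clean(...)` call form is matched.

```python
import ast

# Tag names taken from the changelog entry above.
RCDATA_TAGS = {"script", "noscript", "style", "noframes", "iframe", "noembed", "xmp"}
FOREIGN_TAGS = {"math", "svg"}

# Constructed sample source to scan (not from any real project).
SAMPLE = '''\
import bleach
a = bleach.clean(html, tags=["svg", "p", "style"])
b = bleach.clean(html, tags=["svg", "style"], strip=True)
c = bleach.clean(html, tags=["p", "b"])
d = bleach.clean(html, ["math", "noscript"], strip=False)
e = bleach.clean(html, tags=ALLOWED)
'''

def _literal_tags(node):
    """Return the tag names if node is a literal list/tuple/set of strings, else None."""
    try:
        value = ast.literal_eval(node)
    except (ValueError, TypeError, SyntaxError):
        return None
    if isinstance(value, (list, tuple, set)) and all(isinstance(t, str) for t in value):
        return {t.lower() for t in value}
    return None

def find_risky_clean_calls(source):
    """Return sorted (lineno, reason) pairs for bleach.clean calls matching the condition."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        func = getattr(node, "func", None)
        if not (isinstance(node, ast.Call) and isinstance(func, ast.Attribute)
                and func.attr == "clean" and getattr(func.value, "id", None) == "bleach"):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        tags_node = kwargs.get("tags", node.args[1] if len(node.args) > 1 else None)
        strip = kwargs.get("strip")
        # strip defaults to False in bleach.clean; only an explicit strip=True is skipped.
        if tags_node is None or (isinstance(strip, ast.Constant) and strip.value is True):
            continue
        tags = _literal_tags(tags_node)
        if tags is None:
            findings.append((node.lineno, "tags not a literal; review manually"))
        elif tags & FOREIGN_TAGS and tags & RCDATA_TAGS:
            findings.append((node.lineno, "allows %s with %s" % (
                sorted(tags & FOREIGN_TAGS), sorted(tags & RCDATA_TAGS))))
    return sorted(findings)

if __name__ == "__main__":
    print(find_risky_clean_calls(SAMPLE))
```

Calls that pass a non-literal tag list are reported for manual review rather than silently skipped, since the allowed tags cannot be resolved statically.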
Request History
dirkmueller created request
licensedigger accepted review
ok
factory-auto accepted review
Check script succeeded
maintbot accepted review
ok
maintbot approved review
ok
atopt declined request
CVE-2020-6816 reference is missing next to bugzilla reference. Please also avoid copying and pasting the upstream changelog without checking the content. Sentences like "security issue was confirmed in Bleach version v3.1.1 earlier versions are likely affected too" are not needed.
dirkmueller revoked request
openSUSE:Factory/python-bleach@9 -> openSUSE:Leap:15.1:Update/python-bleach
expected origin is 'openSUSE:Leap:15.0' (changed)