projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f06339f) | patch
package/python-lxml: security bump to version 4.6.3
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 29 Mar 2021 20:33:41 +0000 (22:33 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 30 Mar 2021 06:18:21 +0000 (08:18 +0200)
commit9d678ed1de2dec9896730c62d2240583bdda71c0
treeea0a81cefb76187b623319c6a5a3ba9f78a0878dtree
parentf06339f3fcd309c70cfd4d0b3510ad3a3916e0dfcommit | diff
package/python-lxml: security bump to version 4.6.3

Fix CVE-2021-28957: lxml 4.6.2 allows XSS. It places the HTML action
attribute into defs.link_attrs (in html/defs.py) for later use in input
sanitization, but does not do the same for the HTML5 formaction
attribute.

https://github.com/lxml/lxml/blob/lxml-4.6.3/CHANGES.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-lxml/python-lxml.hash diff | blob | history
package/python-lxml/python-lxml.mk diff | blob | history