Overview
Request 790549 accepted
- update to 3.1.4 (bsc#1168280, CVE-2020-6817):
  * ``bleach.clean`` behavior parsing style attributes could result in a
    regular expression denial of service (ReDoS).
    Calls to ``bleach.clean`` with an allowed tag with an allowed
    ``style`` attribute were vulnerable to ReDoS. For example,
    ``bleach.clean(..., attributes={'a': ['style']})``.
  * Style attributes with dashes, or single or double quoted values are
    cleaned instead of passed through.
- update to 3.1.3 (bsc#1167379, CVE-2020-6816):
- Created by dirkmueller
- In state accepted
- Supersedes 790350
Request History
dirkmueller created request
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
dimstar accepted review
dimstar_suse set openSUSE:Factory:Staging:E as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:E"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:E"
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:E got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:E got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:E got accepted.