--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-e1fa96c506
2020-04-30 03:42:10.988742
--------------------------------------------------------------------------------
Name : python-bleach
Product : Fedora 31
Version : 3.1.4
Release : 2.fc31
URL : https://github.com/mozilla/bleach
Summary : An easy whitelist-based HTML-sanitizing tool
Description :
Bleach is an HTML sanitizing library that escapes or strips markup and
attributes based on a white list.
--------------------------------------------------------------------------------
Update Information:
Update to version 3.1.4, an upstream security release. See the [upstream
changelog](https://github.com/mozilla/bleach/blob/v3.1.4/CHANGES) for details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Nils Philippsen <nils(a)redhat.com> - 3.1.4-2
- skip failing tests regardless of Python version
* Wed Apr 22 2020 Nils Philippsen <nils(a)redhat.com> - 3.1.4-1
- version 3.1.4
- use pythonhosted.org source URL as the tarballs match published hashes
- only skip failing tests and only on Python 3.9
- cope with html5lib prerelease on EL8
* Wed Feb 19 2020 Matthias Runge <mrunge(a)redhat.com> - 3.1.0-5
- skip tests for python 3.9
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 3 2019 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 3.1.0-4
- Drop python2-bleach (#1746757).
* Fri Aug 16 2019 Miro Hrončok <mhroncok(a)redhat.com> - 3.1.0-3
- Rebuilt for Python 3.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815055 - python-bleach: Bleach: behavior parsing did not match browser
behavior which could result in mutation XSS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1815055
[ 2 ] Bug #1815062 - python-bleach: Bleach: Specific calls to function bleach.clean
could result in mutation XSS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1815062
[ 3 ] Bug #1820625 - CVE-2020-6817 python-bleach: behavior parsing style attributes
could result in a regular expression denial of service (ReDoS) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1820625
[ 4 ] Bug #1826275 - CVE-2020-6802 python-bleach: mutation XSS vulnerability
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1826275
[ 5 ] Bug #1826639 - python bleach fails to import in EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1826639
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-e1fa96c506' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------