[Python-modules-team] Bug#892252: src:python-bleach: URI values with character entities not properly sanitized
Scott Kitterman
debian at kitterman.com
Wed Mar 7 07:09:14 UTC 2018
Package: src:python-bleach
Version: 2.1.2-1
Severity: important
Tags: upstream, security

Version 2.1.3 (March 5th, 2018)
-------------------------------

**Security fixes**

* Attributes that have URI values weren't properly sanitized if the
  values contained character entities. Using character entities, it
  was possible to construct a URI value with a scheme that was not
  allowed that would slide through unsanitized.

  This security issue was introduced in Bleach 2.1. Anyone using
  Bleach 2.1 is highly encouraged to upgrade.
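
The class of flaw described in the changelog above, as an added example (not Bleach's code and not part of the original report): a scheme allowlist check applied to the raw attribute text, beside one that decodes character entities before extracting the scheme. The function names, the allowlist and the sample values are assumptions constructed for illustration.

```python
import html
import re

# Assumed allowlist for this illustration; not taken from the report.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")
# Whitespace and control characters that browsers drop when parsing a URL.
_IGNORED_RE = re.compile(r"[\x00-\x20\x7f]")


def naive_scheme_allowed(value):
    """Flawed pattern: looks for the scheme in the still-encoded text."""
    match = _SCHEME_RE.match(value.strip())
    if match is None:
        return True  # no scheme seen, so treated as a relative URL
    return match.group(1).lower() in ALLOWED_SCHEMES


def hardened_scheme_allowed(value):
    """Decode entities first, so the check sees what the browser will see."""
    decoded = _IGNORED_RE.sub("", html.unescape(value))
    match = _SCHEME_RE.match(decoded)
    if match is None:
        # Relative URL only if no colon appears before the first / ? or #.
        return ":" not in re.split(r"[/?#]", decoded, maxsplit=1)[0]
    return match.group(1).lower() in ALLOWED_SCHEMES


# Constructed sample attribute values (hypothetical, for regression testing).
SAMPLES = [
    "https://example.test/a",
    "/relative/path?x=1",
    "jav&#x61;script:void(0)",    # numeric character reference inside scheme
    "javascript&colon;void(0)",   # named entity in place of the colon
    "java&#9;script:void(0)",     # entity-encoded tab splitting the scheme
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: naive={naive_scheme_allowed(sample)} "
              f"hardened={hardened_scheme_allowed(sample)}")
```

Values like these make useful regression tests when confirming that a packaged version contains the 2.1.3 fix.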