Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#15856 closed enhancement (fixed)

lxml-4.7.1 (python module)

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Bruce Dubbs, 3 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 3 years ago

4.7.1 (2021-12-13)

Features added

  • Chunked Unicode string parsing via parser.feed() now encodes the input data to the native UTF-8 encoding directly, instead of going through Py_UNICODE / wchar_t encoding first, which previously required duplicate recoding in most cases.

Bugs fixed

  • lxml.objectify previously accepted non-XML numbers with underscores (like "1_000") as integers or float values in Python 3.6 and later. It now adheres to the number format of the XML spec again.
  • LP#1939031: Static wheels of lxml now contain the header files of zlib and libiconv (in addition to the already provided headers of libxml2/libxslt/libexslt).

Other changes

  • Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).

4.6.5 (2021-12-12)

Bugs fixed

  • A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script content through SVG images.
  • A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script content through CSS imports and other crafted constructs.

comment:3 by Bruce Dubbs, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at commit 0ed6f34f847c599ca94a975e45603bbd045efac0 

Package updates.
    Update to lxml-4.7.1 (python module).
    Update to mpg123-1.29.3.
    Update to umockdev-0.17.0.
    Update to xine-ui-0.99.13.

comment:4 by Douglas R. Reno, 3 years ago

Priority: normalelevated

Retroactively setting as Elevated due to GHSL-2021-1038 and GHSL-2021-1037 (AKA CVE-2021-43818)

Note: See TracTickets for help on using tickets.