Opened 5 weeks ago

Closed 4 weeks ago

Last modified 4 weeks ago

#5776 closed enhancement (fixed)

python3-3.13.6

Reported by: Bruce Dubbs Owned by: lfs-book
Priority: high Milestone: 12.4
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Bruce Dubbs, 4 weeks ago

3.13.6 is the sixth maintenance release of 3.13, containing around 200 bugfixes, build improvements and documentation changes since 3.13.5.

comment:2 by Bruce Dubbs, 4 weeks ago

Resolution: fixed
Status: newclosed

Fixed at commit 867172729.

comment:3 by Douglas R. Reno, 4 weeks ago

From https://docs.python.org/release/3.13.6/whatsnew/changelog.html#python-3-13-6 :

Security

gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the 
HTML5 standard.

        Whitespaces no longer accepted between </ and the tag name. E.g. </ script> does 
not end the script section.

        Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as 
whitespaces. The only whitespaces are \t\n\r\f and space.

        Null character (U+0000) no longer ends the tag name.

        Attributes and slashes after the tag name in end tags are now ignored, instead 
of terminating after the first > in quoted attribute value. E.g. </script/foo=">"/>.

        Multiple slashes and whitespaces between the last attribute and closing > are 
now ignored in both start and end tags. E.g. <a foo=bar/ //>.

        Multiple = between attribute name and value are no longer collapsed. E.g. <a 
foo==bar> produces attribute “foo” with value “=bar”.

gh-102555: Fix comment parsing in html.parser.HTMLParser according to the HTML5 
standard. --!> now ends the comment. -- > no longer ends the comment. Support abnormally 
ended empty comments <--> and <--->.

gh-135462: Fix quadratic complexity in processing specially crafted input in 
html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs 
– comments and declarations are automatically closed, tags are ignored.

gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in 
html.parser.HTMLParser.

comment:4 by Douglas R. Reno, 4 weeks ago

Priority: normalhigh

comment:5 by Douglas R. Reno, 4 weeks ago

SA-12.3-088 issued

Note: See TracTickets for help on using tickets.