Accepted lxml 4.6.3+dfsg-0.1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 08 Jan 2022 15:06:02 +0100
Source: lxml
Architecture: source
Version: 4.6.3+dfsg-0.1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1001885
Changes:
lxml (4.6.3+dfsg-0.1+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Cleaner: Prevent "@import" from re-occurring in the CSS after
replacements, e.g. "@@importimport" (CVE-2021-43818) (Closes: #1001885)
* Cleaner: Remove SVG image data URLs since they can embed script content
(CVE-2021-43818) (Closes: #1001885)
Checksums-Sha1:
f0462d142ace0209b538994deeff5e8610af9160 2254 lxml_4.6.3+dfsg-0.1+deb11u1.dsc
32b81a3d8546521bc6d209a8028bf9f5d927411e 940222 lxml_4.6.3+dfsg.orig.tar.gz
a4481e1ea7b533c39332a7315c3cfac96ea6f755 9684 lxml_4.6.3+dfsg-0.1+deb11u1.debian.tar.xz
Checksums-Sha256:
0d6d208b52a784c0c3a3dc7def582780ecd9cd1675bb586551336717727c3202 2254 lxml_4.6.3+dfsg-0.1+deb11u1.dsc
aa386ddf45ccc40975f33d29e285b6656273254ed797dd87d6283090f5d62036 940222 lxml_4.6.3+dfsg.orig.tar.gz
ee470d49936d6e5079df87d098ba82d9a99dab2f74e3db0f480c874d12952e3d 9684 lxml_4.6.3+dfsg-0.1+deb11u1.debian.tar.xz
Files:
677110b3640d4c45c05aba72a6ba2bbb 2254 python optional lxml_4.6.3+dfsg-0.1+deb11u1.dsc
6c55a1d15abe4da09a9f97f8abf5e908 940222 python optional lxml_4.6.3+dfsg.orig.tar.gz
d59e5b54537a18570e37d1833ab9c8c3 9684 python optional lxml_4.6.3+dfsg-0.1+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHZqlFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EiRoQAI5zvrKCuxX3ofbucrtNMBny1poA/AId
Qqm4PsUITkS/S5rWRQK2Y8D9FvBLtCNvkE8tXR7lv5h4kph609G+/iM0fyRE3tZv
OsxQm/d1tTTap9nRCdZeNAjF0QK5enQFECZvIGrZ9Otr+Xd48hWQIdovZlWrwvho
RZxrpqOK7+33neabALo8U8paqb0KtkEI8b9SmMWhWWGKDVelxg6nrcqJYYNz0eUu
1GrZph3rY6uPWo577C2fYA+XTljmFRx4VnAeiOWZQJcMOeywoV67cacGvREET/H0
5iTUR1mjk/D4n38DD1UzvKgETJAQMuqVeRXwWr5zFphJJ5V5nG/lvYrXeh6c8Tin
Gt4VKqlENBPbw3pQwXa9e5jRy4wZagPmxJLObWVKWGoEWdwI5ToKmh3v19WlD4Ao
ZSyTUlQNQDDH/dulJrQlRQ3dOrDEMdjBkkU93x5fNBDhdiCAluwWtWcKBds1Zeff
ANyipcJzboeK1RdCvIN4PutVC/7YnrXP1mozvLQ3dcWitT95AY3XufMKPVs50xmf
2eLwH/0b3HEnZEl99LOoS5KgZ1FskeemD7IJKzNPpeNLzYmG9tWF8bAq/6d6vgnE
t0vPqH9Iyn5/Ra4xPgMJ6uMbK006q4t2MAMgwiHPUZ6LvPgR2r1QQbe6X2jSm1xO
8FPjBg0vKKkP
=K7ei
-----END PGP SIGNATURE-----