Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted lxml 3.7.1-1+deb9u5 (source) into oldoldstable
Date: Thu, 30 Dec 2021 13:40:12 +0000
Signed by: Utkarsh Gupta <utkarsh@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Dec 2021 19:08:30 +0530
Source: lxml
Architecture: source
Version: 3.7.1-1+deb9u5
Distribution: stretch-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Closes: 1001885
Changes:
 lxml (3.7.1-1+deb9u5) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Add patch to prevent "@import" from re-occurring in the
     CSS after replacements, e.g. "@@importimport" and remove
     SVG image data URLs since they can embed script content.
     (Fixes: CVE-2021-43818) (Closes: #1001885)
Checksums-Sha1:
 047996c9a13e7340951cca477d12553274b0912d 2277 lxml_3.7.1-1+deb9u5.dsc
 8ad2b82477bf59e05d1a8124211ececf986f7868 3788105 lxml_3.7.1.orig.tar.gz
 dde20f704a2a66cf89586ad6385c2af680d904a5 11736 lxml_3.7.1-1+deb9u5.debian.tar.xz
 f0417efe8c559ba0323b1cebd5d4db4c39b41742 7006 lxml_3.7.1-1+deb9u5_source.buildinfo
Checksums-Sha256:
 c348bd7a14d2b64748508a93bbc8b4c64f78a9d098cebd8711d15f4adeaa310f 2277 lxml_3.7.1-1+deb9u5.dsc
 1c7f6771838300787cfa1bb3ed6512e9dc78e60ecb308a8ed49ac956569c1cca 3788105 lxml_3.7.1.orig.tar.gz
 e67b04d404f1679e5c7e09838012fa267be2b0f068fcc545abf3902924278b8c 11736 lxml_3.7.1-1+deb9u5.debian.tar.xz
 30b02e959b47248b0b0fe75566ce6ce64fd061a733c5be8eb405e91654a3d3ae 7006 lxml_3.7.1-1+deb9u5_source.buildinfo
Files:
 945bb017b74686613f2a9c5f2186cf20 2277 python optional lxml_3.7.1-1+deb9u5.dsc
 dde0e225b51de26dd47c60575bce8e16 3788105 python optional lxml_3.7.1.orig.tar.gz
 9d9d6b47fa947e32ca6c4bb11ee2cd52 11736 python optional lxml_3.7.1-1+deb9u5.debian.tar.xz
 3a9b0b4f5716c074b291cc8f99c6dc80 7006 python optional lxml_3.7.1-1+deb9u5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmHNspoTHHV0a2Fyc2hA
ZGViaWFuLm9yZwAKCRCCPpZ2BsNLln1FEACO8BOmjRsbZLa35+UoXVpw8kcObyrf
GvT85gPuEhmGQG++IOH3BvOuLaHK5+i8TVGuwfgUu6qoTzirmnD6ruOwa48hVsI3
yFLJlWkoiSIgYAd/0XmTehUDjvPVJT4XTtEDCGyuBKoXX4YY9Vodgop9htz3CBZg
jW1E+7hWMbm2OhJoa7khjIwuyiM3xsNF/q23iUHRt/ZXuonkPrRcmiyH0VxRni+l
Ha6D7cPuWNZ7N+Ng01nAYnJOidhiKgHbZNwDVnpnNzovFNSRNcJQwABaURLi8k5f
JnaieLe2u2DSf7tdB98RjCGte/8RjnOoL7bMgTMUTt8BlQfVtE0DqN2G27okm7P1
2HOxnhyA+eZN64tmnLELRhrjjQAD39ZN672EVfccco4uEl86iaCqN86pUQ/QAkAP
jv0Nohkf2uva8lsKpMIr8ktRwgNCVSKPMZFiuhwHg4fSp+KxrYEU/CLsR1Fl0J2K
Mezb7AAYBlDxacVLBlpppiDr5Y4yps67Qa/3p6oLw09SuSBK2e6dJKaCEAbzzCmK
LEiA3SYXk84Qe8CxoIe+ieGW8+XxuFeXTmxCFTgqADp5WrgFf3ddXPAfZyD7nX9v
GeMGLZOBIYDYIqXJLvPQQpWJ/wRvvtDy2jCcLuY5cBbcLPcIrvkw2gNJvYIanlLQ
5TgoMGYcCc3jCg==
=bJrx
-----END PGP SIGNATURE-----

News for package lxml