Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted lxml 4.3.2-1+deb10u4 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Sat, 05 Feb 2022 19:02:46 +0000
Signed by: Salvatore Bonaccorso <carnil@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 12 Jan 2022 17:58:11 +0100
Source: lxml
Architecture: source
Version: 4.3.2-1+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1001885
Changes:
 lxml (4.3.2-1+deb10u4) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Cleaner: Prevent "@import" from re-occurring in the CSS after
     replacements, e.g. "@@importimport" (CVE-2021-43818) (Closes: #1001885)
   * Cleaner: Remove SVG image data URLs since they can embed script content
     (CVE-2021-43818) (Closes: #1001885)
Checksums-Sha1: 
 2eb90c96eea7e4fb861c9dafb4c9ae1eb7544cd1 2427 lxml_4.3.2-1+deb10u4.dsc
 6852e30099802f7b905efec67ed7be2e91601be3 11672 lxml_4.3.2-1+deb10u4.debian.tar.xz
Checksums-Sha256: 
 77037f9d97c172d0c5d755b3403735e599644f560924a575f868e242b83febfe 2427 lxml_4.3.2-1+deb10u4.dsc
 802ee2c0ce26b7323a8787811c16f15db384b45db01502e476ff219a20721f30 11672 lxml_4.3.2-1+deb10u4.debian.tar.xz
Files: 
 97ebf45a168d06220f4ff8caeefe6bd4 2427 python optional lxml_4.3.2-1+deb10u4.dsc
 7b693727f84ec7f29885039c731da976 11672 python optional lxml_4.3.2-1+deb10u4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmHfDZFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EKt8QAJwhB6Z/ojbuBjao/f3w/TLmhJtSKHWi
N35PeJKwN9gADmiaTFqVmAMPGmq6tEDMZmXJEHUGVXhgNDSumzF203QRHiwg2FFc
/oJHWisgMk7U5bnBVGC1oji48SylvlPT8CdH5EPlUaV5EmMHYdl3o3jHqKcvCoex
Y0iR9R+YCB+I13cuCI2OL+yR3ds+d5OKkjPZ7LT7ZAzUKyGonF5807J5baLCVP57
0037XCjopUr7BEfwgo02v3IC4/tKpkhCo4oR88+9JaxEY5yQIiBB71e/XjkZJgt7
crIX8UAHj++PKPxKdy7brgDL3jKFSxxx7Ge/+BRXn00fRDvsDyNd1APtbs3Icvy5
/ZkAchZUSIocaMaT9Y2J9axGTLRcw7mG+8LNsW9y6E1OpcRm+HUAmIGBF23cF/sR
chvsExXz8s2WSe80pAnphnOEInv4Ya+SWsOuI6GsgChz4wk1YkAoDpJcaU4Cr7do
1p+kp0W81eCx5gXC4ioERXK/RuZE4RzCXwmjjsgIXE83hfl1JmFMSLjF8bhiMNUa
g5fq0JtMkCCNXh2EfkHHWiY/gTKvMdDDSaeV82+Pn0OSMl6zf8XXYqr6s0bj7Vlx
dHZJ7NvLdEkgLNL60G/zEvwKxZj8EIH6eCwGu0c7unshXEDNGifnR86XGKybMTd2
7wVaBUrq7xxy
=RGYR
-----END PGP SIGNATURE-----

News for package lxml