A mutation XSS affects users calling bleach.clean with all of: - svg or math in the allowed tags - p or br in allowed tags - style in allowed tags - the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
amd64 arm arm64 hppa ppc ppc64 s390 sparc x86 (ALLARCHES) done all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3437318a81f6163f7a65c9d79c3c7d0f6a2e5e1 commit f3437318a81f6163f7a65c9d79c3c7d0f6a2e5e1 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-02-02 21:06:31 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-02-02 21:22:30 +0000 dev-python/bleach: Remove old Bug: https://bugs.gentoo.org/768336 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/bleach/Manifest | 3 --- dev-python/bleach/bleach-3.2.1.ebuild | 39 ----------------------------------- dev-python/bleach/bleach-3.2.2.ebuild | 39 ----------------------------------- dev-python/bleach/bleach-3.2.3.ebuild | 39 ----------------------------------- 4 files changed, 120 deletions(-)
All done, thanks!