python-bleach (1.4.2-1ubuntu0.1~esm1) xenial-security; urgency=medium

  * SECURITY UPDATE: Mutation XSS when RCDATA and svg/math are whitelisted with
    strip=False
    - debian/patches/CVE-2020-6816.patch: Enforce RCDATA escaping during
      serialization in bleach/__init__.py
    - CVE-2020-6816
  * SECURITY UPDATE: ReDoS in style sanitization when style is allowed on a
    whitelisted tag
    - debian/patches/CVE-2020-6817.patch: Tighten and make the CSS gauntlet
      regex verbose to reduce backtracking in bleach/sanitizer.py
    - CVE-2020-6817
  * SECURITY UPDATE: Mutation XSS when svg/math plus eject tags are whitelisted
    and HTML comments are preserved
    - debian/patches/CVE-2021-23980-1.patch: Escape HTML comment token content
      when comments are not stripped in bleach/sanitizer.py
    - debian/patches/CVE-2021-23980-2.patch: Expand eject-tag mutation XSS
      coverage with additional parametrized tests in bleach/tests/test_links.py
    - CVE-2021-23980

 -- Shafayat Hossain Majumder <shafayat.majumder@canonical.com>  Tue, 03 Mar 2026 12:23:08 -0500

python-bleach (1.4.2-1) unstable; urgency=low

  [ Per Andersson ]
  * Bump debhelper compat level to 9 (level 8 is required in Build-Depends).
  * Add extend-diff-ignore for egg.info in debian/source/options.
  * d/watch: Use github.com, githubredir is deprecated.
  * Use my @debian.org address.
  * Use HTTPS protocol for Homepage and Vcs-* fields.

  [ Christopher Baines ]
  * New upstream release.
    - Includes upstream fix for #798441 (Closes: #798441).
  * Up standards version to 3.9.6, no changes required.

 -- Per Andersson <avtobiff@debian.org>  Mon, 22 Feb 2016 20:38:36 +0100

python-bleach (1.4-1) unstable; urgency=low

  * New upstream release
    - License changed to Apache License 2.0
    - Add python*-six to Build-Depends
  * Shipping both python2 and python3 packages
    - Add python3-html5lib to Build-Depends
  * Running tests during build
    - Add python*-nose to Build-Depends
  * Packaging license changed to Apache License 2.0
  * Bumped Standards-Version to 3.9.5, no changes needed
  * Add common doc package
    - Binary packages suggest this package
    - Add python*-sphinx to Build-Depends

 -- Per Andersson <avtobiff@gmail.com>  Fri, 14 Feb 2014 00:59:20 +0100

python-bleach (1.2.2-1) unstable; urgency=low

  * Initial release (Closes: #686902)

 -- Per Andersson <avtobiff@gmail.com>  Sun, 09 Jun 2013 19:46:56 +0200
