{"id":"MGASA-2021-0260","summary":"Updated python-bleach packages fix a security vulnerability","details":"It was reported that python-bleach, a whitelist-based HTML-sanitizing \nlibrary, is prone to a mutation XSS vulnerability in bleach.clean when all of \nthe following conditions hold: \"svg\" or \"math\" is in the allowed tags; \"p\" or \n\"br\" is in the allowed tags; any of \"style\", \"title\", \"noscript\", \"script\", \n\"textarea\", \"noframes\", \"iframe\", or \"xmp\" is in the allowed tags; and \n'strip_comments=False' is set (CVE-2021-23980).\n","modified":"2026-04-16T00:08:57.697612399Z","published":"2021-06-16T20:22:25Z","upstream":["CVE-2021-23980"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0260.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28986"},{"type":"WEB","url":"https://www.debian.org/security/2021/dsa-4892.en.html"},{"type":"ADVISORY","url":"https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YFAKMJGUZHUTZ53ZAID6PRVP5MSLXPGV/"}],"affected":[{"package":{"name":"python-bleach","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/python-bleach?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0260.json"}},{"package":{"name":"python-bleach","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python-bleach?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0260.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}