7726 moderate openSUSE Leap 42.3 Update ports This update for python-mistune to version 0.8.3 fixes several issues. These security issues were fixed: - CVE-2017-16876: Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py allowed remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument (bsc#1072307). - CVE-2017-15612: Prevent XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions (bsc#1064640). These non-security issues were fixed: - Fix nested html issue - Fix _keyify with lower case. - Remove non breaking spaces preprocessing - Remove rev and rel attribute for footnotes - Fix escape_link method - Handle block HTML with no content - Use expandtabs for tab - Fix escape option for text renderer - Fix HTML attribute regex pattern - Fix strikethrough regex - Fix HTML attribute regex - Fix close tag regex - Fix hard_wrap options on renderer. - Fix emphasis regex pattern - Fix base64 image link - Fix link security per - Fix inline html when there is no content per python-mistune-0.8.3-11.1.noarch.rpm python-mistune-0.8.3-11.1.src.rpm python3-mistune-0.8.3-9.1.noarch.rpm python3-mistune-0.8.3-9.1.src.rpm