openSUSE-SU-2021:0552-1
April 14, 2021

Security update for python-bleach (important)

Published 2021-04-14 00:00:00, source: lists.opensuse.org

CVSS3: 6.1 Medium
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  Attack Vector: Network
  Attack Complexity: Low
  Privileges Required: None
  User Interaction: Required
  Scope: Changed
  Confidentiality Impact: Low
  Integrity Impact: Low
  Availability Impact: None

CVSS2: 4.3 Medium
AV:N/AC:M/Au:N/C:N/I:P/A:N
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: Partial
  Availability Impact: None

An update that fixes three vulnerabilities is now available.

Description:

This update for python-bleach fixes the following issues:

  • CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific
    combinations of allowed tags (boo#1184547)

Update to 3.1.5:

  • replace missing setuptools dependency with packaging. Thank you
    Benjamin Peterson.

Update to 3.1.4 (boo#1168280, CVE-2020-6817):

  • The bleach.clean behavior when parsing style attributes could result in a
    regular expression denial of service (ReDoS). Calls to bleach.clean with
    an allowed tag that has an allowed style attribute were vulnerable to
    ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).
  • Style attributes with dashes, or with single- or double-quoted values,
    are now cleaned instead of being passed through.

Update to 3.1.3 (boo#1167379, CVE-2020-6816):

  • Add relative link to code of conduct. (#442)
  • Drop deprecated ‘setup.py test’ support. (#507)
  • Fix typo: curren -> current in tests/test_clean.py (#504)
  • Test on PyPy 7
  • Drop test support for end-of-life Python 3.4
  • The bleach.clean behavior when parsing embedded MathML and SVG content
    with RCDATA tags did not match browser behavior and could result in a
    mutation XSS. Calls to bleach.clean with strip=False, with math or svg
    in the allowed tags, and with one or more of the RCDATA tags script,
    noscript, style, noframes, iframe, noembed, or xmp in the allowed tags
    whitelist were vulnerable to a mutation XSS.
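The two vulnerable call patterns above (an allowed style attribute for CVE-2020-6817, and strip=False combined with math/svg plus an RCDATA tag for CVE-2020-6816) are conditions on the arguments an application passes to bleach.clean, so a code base can be checked for them before the package is updated. The following audit is an added example, not code from bleach or from the openSUSE advisory; it is pure Python so it runs without bleach installed. The DEFAULT_TAGS and DEFAULT_ATTRIBUTES values are the bleach 3.x defaults as assumed here, and the sample RISKY_* configuration is constructed for the demonstration. The advisory does not spell out the tag combinations behind CVE-2021-23980, so that condition is deliberately not modelled.

```python
"""Static audit of bleach.clean() keyword arguments against the conditions in
openSUSE-SU-2021:0552-1. Added example, not bleach's own code."""
from typing import Callable, Dict, Iterable, List, Union

# RCDATA tags the advisory names for CVE-2020-6816.
RCDATA_TAGS = frozenset(
    {"script", "noscript", "style", "noframes", "iframe", "noembed", "xmp"}
)
# Foreign-content roots the advisory names alongside them.
FOREIGN_ROOTS = frozenset({"math", "svg"})

# bleach 3.x defaults as assumed for this example; verify against your copy.
DEFAULT_TAGS = ["a", "abbr", "acronym", "b", "blockquote", "code", "em",
                "i", "li", "ol", "strong", "ul"]
DEFAULT_ATTRIBUTES = {"a": ["href", "title"], "abbr": ["title"],
                      "acronym": ["title"]}

AttrSpec = Union[Iterable[str], Dict[str, Iterable[str]], Callable[..., bool]]


def style_attribute_allowed(tags: Iterable[str], attributes: AttrSpec) -> List[str]:
    """Tags on which a 'style' attribute would survive bleach.clean().

    bleach accepts `attributes` as a list (applies to every allowed tag), a
    dict keyed by tag with an optional '*' wildcard, or a callable. A callable
    cannot be inspected statically, so it is treated conservatively as
    allowing style on every tag until reviewed by hand.
    """
    tag_list = [t.lower() for t in tags]
    if callable(attributes):
        return tag_list
    if isinstance(attributes, dict):
        wildcard = "style" in {a.lower() for a in attributes.get("*", [])}
        return [
            t for t in tag_list
            if wildcard or "style" in {a.lower() for a in attributes.get(t, [])}
        ]
    # Plain iterable: the same attribute list applies to every tag.
    allowed = {a.lower() for a in attributes}
    return tag_list if "style" in allowed else []


def audit_clean_config(tags: Iterable[str], attributes: AttrSpec,
                       strip: bool = False) -> List[str]:
    """Return one finding string per advisory condition the config meets.

    Checks exactly the two conditions the advisory states: strip=False with
    math/svg and an RCDATA tag allowed (CVE-2020-6816), and an allowed style
    attribute on any tag (CVE-2020-6817).
    """
    findings: List[str] = []
    tagset = {t.lower() for t in tags}
    roots = sorted(tagset & FOREIGN_ROOTS)
    rcdata = sorted(tagset & RCDATA_TAGS)
    if not strip and roots and rcdata:
        findings.append(
            "CVE-2020-6816: strip=False with %s and RCDATA tag(s) %s allowed"
            % (",".join(roots), ",".join(rcdata))
        )
    styled = style_attribute_allowed(tags, attributes)
    if styled:
        findings.append(
            "CVE-2020-6817: style attribute allowed on %s" % ",".join(styled)
        )
    return findings


# Constructed sample configuration that meets both conditions.
RISKY_TAGS = DEFAULT_TAGS + ["svg", "math", "style"]
RISKY_ATTRIBUTES = {"a": ["href", "title", "style"]}

if __name__ == "__main__":
    for label, cfg in (("defaults", (DEFAULT_TAGS, DEFAULT_ATTRIBUTES)),
                       ("risky", (RISKY_TAGS, RISKY_ATTRIBUTES))):
        print(label, audit_clean_config(*cfg) or ["no advisory conditions met"])
```

The audit is conservative on purpose: a callable `attributes` filter is reported as allowing style everywhere, because whether it lets a style attribute through depends on runtime logic the script cannot see. Passing strip=True removes only the CVE-2020-6816 finding; the ReDoS condition depends solely on style being an allowed attribute, so the fix for that one is the package update itself.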

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-552=1

Affected product: openSUSE Leap 15.2 (noarch), package python-bleach
