It was reported that python-bleach, a whitelist-based HTML-sanitizing
library, is prone to a mutation XSS vulnerability in bleach.clean when
'svg' or 'math' are in the allowed tags, 'p' or 'br' are in allowed
tags, 'style', 'title', 'noscript', 'script', 'textarea', 'noframes',
'iframe', or 'xmp' are in allowed tags and 'strip_comments=False' is
For the stable distribution (buster), this problem has been fixed in
We recommend that you upgrade your python-bleach packages.