#1140353 trixie-pu: package lxml-html-clean/0.4.4-1~deb13u1

#1140353#5
Date:
2026-06-18 21:31:35 UTC
From:
To:
  - CVE-2026-28348: CSS @import Filter Bypass via Unicode Escapes
  - CVE-2026-28350: <base> tag injection through default Cleaner
                    configuration

The only code changes in the new upstream releases are the CVE fixes
in clean.py, everything else are test/CI/documentation changes
(including testcases for the CVEs).