Ubuntu Security Notice 2217-1 - It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks.
7117f75f37f74cb8144e237ee206d15a04b0be006cc53d7a29c7c0989a82f056