Debian has issued an advisory on March 20:
The issue is fixed upstream in 3.1.2.
Mageia 7 is also affected.
Fixed upstream in 3.1.2
The updated packages fix a security vulnerability:
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. (CVE-2020-6816)
Updated packages in core/updates_testing:
Fixed upstream in 3.1.2 =>
Examples of use at:
Downloaded the test_basics.py file from the flasky project but it is not much use without the whole project. Don't know how to install that from GitHub so I guess this has to be a case of a clean update unless somebody in QA can handle GitHub.
The update runs OK.