Ubuntu Security Notice 996-1 - It was discovered that Mako incorrectly filtered single-quote characters when performing html filtering. An attacker could utilize this to perform cross-site scripting attacks.
5d46c1b2447be741d1cc08d29f126944eb6b44c9251b718b32066cc0e0f26640