Hi Florian, On Fri, May 01, 2020 at 02:11:50PM +0200, Florian Weimer wrote: > * Florian Weimer: > > > * Francesco Poli: > > > >> Please note that the CVE is mentioned in [DSA-4667-1]. > >> > >> [DSA-4667-1]: > >> <https://lists.debian.org/debian-security-announce/2020/msg00071.html> > >> > >> What's wrong with that tracker page? > > > > It's something in the NVD data that breaks the HTML escaping. > > This patch adds basic Unicode support to the web framework. I'm not > sure if it is the right direction to move in, but it fixes the issue. > > An alternative fix would be to change the NVD importer not to put > Unicode strings into the database, by encoding them as byte strings > first.
Do you want to deploy that or rather investigate an alternative? Salvatore
