Hi Florian,

On Fri, May 01, 2020 at 04:01:39PM +0200, Florian Weimer wrote:
> * Salvatore Bonaccorso:
>
> > Hi Florian,
> >
> > On Fri, May 01, 2020 at 02:33:21PM +0200, Florian Weimer wrote:
> >> * Salvatore Bonaccorso:
> >>
> >> > Hi Florian,
> >> >
> >> > On Fri, May 01, 2020 at 02:11:50PM +0200, Florian Weimer wrote:
> >> >> * Florian Weimer:
> >> >>
> >> >> > * Francesco Poli:
> >> >> >
> >> >> >> Please note that the CVE is mentioned in [DSA-4667-1].
> >> >> >>
> >> >> >> [DSA-4667-1]:
> >> >> >> <https://lists.debian.org/debian-security-announce/2020/msg00071.html>
> >> >> >>
> >> >> >> What's wrong with that tracker page?
> >> >> >
> >> >> > It's something in the NVD data that breaks the HTML escaping.
> >> >>
> >> >> This patch adds basic Unicode support to the web framework. I'm not
> >> >> sure if it is the right direction to move in, but it fixes the issue.
> >> >>
> >> >> An alternative fix would be to change the NVD importer not to put
> >> >> Unicode strings into the database, by encoding them as byte strings
> >> >> first.
> >> >
> >> > Do you want to deploy that or rather investigate an alternative?
> >>
> >> I'd appreciate if you could spot-check the changes (e.g., do we still
> >> do HTML escaping properly?) and deploy it. It looks like I have
> >> forgotten how to do it.
> >
> > Looks good to me, and yes can deploy it if you want me to. Please have
> > a look at the attached git format-patch'ed version if you agree with the
> > slight rewrite, since I do not want to commit something in your name
> > you would not agree with.
>
> Still looks fine.
>
> Signed-off-by: Florian Weimer <f...@deneb.enyo.de>

Thanks, applied and deployed.

Regards,
Salvatore