On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams <codeh...@debian.org> wrote: > Please note, the current homepage for libowasp-antisamy-java appears to > have no commits beyond version 1.5.3 but the change for CVE-2022-29577 > does match the source code for libowasp-antisamy-java: > https://sources.debian.org/src/libowasp-antisamy-java/1.5.3+dfsg-1.1/src/main/java/org/owasp/validator/html/scan/AntiSamyDOMScanner.java/?hl=410#L410
Apologies - that paragraph contains a typo - the matching change is for CVE-2022-28367: The fix in what looks like the new upstream is: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae -- Neil Williams ============= https://linux.codehelp.co.uk/
pgpesSBU393Yq.pgp
Description: OpenPGP digital signature
