On Mon, Apr 25, 2022 at 07:22:12PM +0200, Salvatore Bonaccorso wrote:
> Hi!
>
> On Mon, Apr 25, 2022 at 01:48:43PM +0100, Neil Williams wrote:
> > On Mon, 25 Apr 2022 13:39:49 +0100 Neil Williams <codeh...@debian.org>
> > wrote:
> > > Please note, the current homepage for libowasp-antisamy-java appears to
> > > have no commits beyond version 1.5.3 but the change for CVE-2022-29577
> > > does match the source code for libowasp-antisamy-java:
> > > https://sources.debian.org/src/libowasp-antisamy-java/1.5.3+dfsg-1.1/src/main/java/org/owasp/validator/html/scan/AntiSamyDOMScanner.java/?hl=410#L410
> >
> > Apologies - that paragraph contains a typo - the matching change is for
> > CVE-2022-28367:
> >
> > The fix in what looks like the new upstream is:
> > https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae
>
> Could you please make sure to as well include
> https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0
> to make the fix complete.
>
> Possibly it's best to just update to the new 1.6.7 upstream version.

Hello,

I have started working on the update to the latest upstream (1.6.8).
Updating will require a NEW package for:

https://github.com/HtmlUnit/htmlunit-neko

(not to be confused with https://tracker.debian.org/pkg/nekohtml)

I believe that's the only missing package, but haven't yet assessed
htmlunit-neko to determine if there are other transitive dependencies.

Cheers,
tony