On Sat, 2025-08-30 at 09:05 -0400, James Valleroy wrote: > Fixes CVE-2025-55291: > Prior to 0.15.0, the input string in the cloud tag page is not > properly sanitized. This allows the </title> tag to be prematurely > closed, leading to a reflected Cross-Site Scripting (XSS) > vulnerability. This vulnerability is fixed in 0.15.0. > > This issue is also present in old-stable.
If you want to fix it in bookworm as well, please open a separate bug for that. +shaarli (0.14.0+dfsg-2) trixie; urgency=medium While 0.14.0+dfsg-2 works in this case because that version has never been used for an upload to Debian in the past, note that the more conventional version number would be 0.14.0+dfsg-1+deb13u1. Regards, Adam
