Package: python-feedparser
Version: 4.1-14
Severity: grave
Tags: security
Justification: user security hole

Please update the version of python-feedparser found in Debian to something recent.

The following bugs will then be fixed:

1. Issue 195: XSS vulnerability in feedparser
   http://code.google.com/p/feedparser/issues/detail?id=195&can=1&start=100

2. Issue 255: html sanitizer doesn't strip unsafe uri schemes
   http://code.google.com/p/feedparser/issues/detail?id=255&can=1&start=200

3. Issue 254: html sanitisation can be bypassed with malformed comments
   http://code.google.com/p/feedparser/issues/detail?id=254&can=1&start=200

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37.3 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-feedparser depends on:
ii  python          2.6.6-3+squeeze5  interactive high-level object-orie
ii  python-support  1.0.10            automated rebuilding support for P

Versions of packages python-feedparser recommends:
pn  python-chardet   <none>  (no description available)
pn  python-libxml2   <none>  (no description available)
pn  python-utidylib  <none>  (no description available)

python-feedparser suggests no packages.

-- no debconf information