Hi,

On Sun, Mar 13, 2011 at 08:43:51PM +1100, david b wrote:
> Please update the version of python-feedparser found in debian to something
> recent:

CVE IDs have been allocated for these issues and one more:

CVE-2011-1158 [sanitizer doesn't strip unsafe URI schemes]
https://code.google.com/p/feedparser/issues/detail?id=255

CVE-2011-1157 [sanitization can be bypassed by malformed XML comments]
https://code.google.com/p/feedparser/issues/detail?id=254

CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash]
https://code.google.com/p/feedparser/issues/detail?id=91

CVE-2011-XXXX [XSS vuln] (cve pending)
http://code.google.com/p/feedparser/issues/detail?id=195

Please mention these identifiers in the changelog when you upload a new
package fixing them. It would be great to have them backported to stable and
oldstable too (I'll help you with this if you need some pointers).

Thanks,

--
Jonathan Wiltshire    j...@debian.org
Debian Developer      http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51