Your message dated Mon, 04 Apr 2011 21:47:11 +0000
with message-id <e1q6rc7-0000df...@franck.debian.org>
and subject line Bug#617998: fixed in feedparser 5.0.1-1
has caused the Debian Bug report #617998,
regarding python-feedparser: please update feedparser, it hasn't been updated 
in a _long_ time
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
617998: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617998
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-feedparser
Version: 4.1-14
Severity: grave
Tags: security
Justification: user security hole

Please update the version of python-feedparser found in Debian to something
recent:

The following bugs will then be fixed:

1. Issue 195: XSS vulnerability in feedparser
   http://code.google.com/p/feedparser/issues/detail?id=195&can=1&start=100
2. Issue 255: html sanitizer doesn't strip unsafe uri schemes
   http://code.google.com/p/feedparser/issues/detail?id=255&can=1&start=200
3. Issue 254: html sanitisation can be bypassed with malformed comments
   http://code.google.com/p/feedparser/issues/detail?id=254&can=1&start=200

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37.3 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-feedparser depends on:
ii  python                  2.6.6-3+squeeze5 interactive high-level object-orie
ii  python-support          1.0.10           automated rebuilding support for P

Versions of packages python-feedparser recommends:
pn  python-chardet                <none>     (no description available)
pn  python-libxml2                <none>     (no description available)
pn  python-utidylib               <none>     (no description available)

python-feedparser suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: feedparser
Source-Version: 5.0.1-1

We believe that the bug you reported is fixed in the latest version of
feedparser, which is due to be installed in the Debian FTP archive:

feedparser_5.0.1-1.debian.tar.gz
  to main/f/feedparser/feedparser_5.0.1-1.debian.tar.gz
feedparser_5.0.1-1.dsc
  to main/f/feedparser/feedparser_5.0.1-1.dsc
feedparser_5.0.1.orig.tar.gz
  to main/f/feedparser/feedparser_5.0.1.orig.tar.gz
python-feedparser_5.0.1-1_all.deb
  to main/f/feedparser/python-feedparser_5.0.1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 617...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Carlos Galisteo <cgalis...@k-rolus.net> (supplier of updated feedparser package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 30 Mar 2011 20:25:50 +0200
Source: feedparser
Binary: python-feedparser
Architecture: source all
Version: 5.0.1-1
Distribution: unstable
Urgency: low
Maintainer: Carlos Galisteo <cgalis...@k-rolus.net>
Changed-By: Carlos Galisteo <cgalis...@k-rolus.net>
Description: 
 python-feedparser - Universal Feed Parser for Python
Closes: 482775 617998
Changes: 
 feedparser (5.0.1-1) unstable; urgency=low
 .
   [ Carlos Galisteo ]
   * New upstream release. (Closes: #617998) (Closes: #482775)
   * Switch to dpkg-source 3.0 (quilt) format
   * Removed patch add-etag-only-if-etag-header-present.patch (fixed in 5.0)
   * Removed patch doc_css_path.diff (fixed in 5.0)
   * Removed patch auth_handlers_not_working.patch (fixed in 5.0).
   * Removed patch feedparser_utf8_decoding.patch (fixed in 5.0).
   * Removed patch democracynow_feedparser_fix.patch (fixed in 5.0).
   * Removed patch title_override.patch (fixed in 5.0).
   * Removed patch doc_css_path.diff (fixed in 5.0).
   * Fixes CVE-2011-1156
   * Fixes CVE-2011-1157
   * Fixes CVE-2011-1158
   * debian/control
     - Standards-Version updated to 3.9.1
     - Binary package depends on ${misc:Depends}
     - Build-depends on python instead of python-dev as lintian suggested.
   * debian/watch
     - watch file looks for *.tar.gz rather than .zip
   * Headers added to patches
 .
   [ Jakub Wilk ]
   * debian/rules:
     - Include /usr/share/python/python.mk only if it exists.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
