'Re: [oss-security] CVE request: HTML Purifier'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: HTML Purifier
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-06-30 19:26:30
Message-ID: 1408947388.1643541277925990594.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2010-2479

Thanks.

-- 
    JB


----- "Raphael Geissert" <geissert@debian.org> wrote:

> Hi,
> 
> HTML Purifier 4.1.1 fixes an IE-specific XSS vulnerability.
> 
> Upstream announcement:
> http://htmlpurifier.org/news/2010/0531-4.1.1-released
> 
> Fix:
> http://repo.or.cz/w/htmlpurifier.git/commit/d3abcb90e30592c619047d878cf9c72b7c5836a3
> 
> This one is required for the fix to apply (the change is overwritten
> by the 
> fix):
> http://repo.or.cz/w/htmlpurifier.git/commit/da94d3d6acdf417ac890426eb1fd239ba62b042d
> 
> Could a CVE id be assigned?
> 
> Thanks in advance.
> 
> Regards,
> -- 
> Raphael Geissert - Debian Developer
> www.debian.org - get.debian.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic