oss-sec mailing list archives
Re: CVE request for python-feedparser
From: Josh Bressers <bressers () redhat com>
Date: Tue, 15 Mar 2011 16:28:22 -0400 (EDT)
----- Original Message -----
python-feedparser 5.0.1 fixes three flaws: https://code.google.com/p/feedparser/ * Fix issue 91 (invalid text in XML declaration causes sanitizer to crash)
https://code.google.com/p/feedparser/issues/detail?id=91 Use CVE-2011-1156
* Fix issue 254 (sanitization can be bypassed by malformed XML comments)
https://code.google.com/p/feedparser/issues/detail?id=254 Use CVE-2011-1157
* Fix issue 255 (sanitizer doesn't strip unsafe URI schemes)
https://code.google.com/p/feedparser/issues/detail?id=255 Use CVE-2011-1158 Thanks. -- JB
Current thread:
- CVE request for python-feedparser Vincent Danen (Mar 14)
- Re: CVE request for python-feedparser Josh Bressers (Mar 15)
- <Possible follow-ups>
- Re: CVE request for python-feedparser Jonathan Wiltshire (Mar 16)
- Re: Re: CVE request for python-feedparser Josh Bressers (Mar 21)