oss-sec mailing list archives
CVE request: HTML Purifier
From: Raphael Geissert <geissert () debian org>
Date: Tue, 29 Jun 2010 23:53:36 -0500
Hi, HTML Purifier 4.1.1 fixes an IE-specific XSS vulnerability. Upstream announcement: http://htmlpurifier.org/news/2010/0531-4.1.1-released Fix: http://repo.or.cz/w/htmlpurifier.git/commit/d3abcb90e30592c619047d878cf9c72b7c5836a3 This one is required for the fix to apply (the change is overwritten by the fix): http://repo.or.cz/w/htmlpurifier.git/commit/da94d3d6acdf417ac890426eb1fd239ba62b042d Could a CVE id be assigned? Thanks in advance. Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE request: HTML Purifier Raphael Geissert (Jun 30)
- Re: CVE request: HTML Purifier Josh Bressers (Jun 30)