oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: HTML Purifier

From: Raphael Geissert <geissert () debian org>
Date: Tue, 29 Jun 2010 23:53:36 -0500
Hi,

HTML Purifier 4.1.1 fixes an IE-specific XSS vulnerability.

Upstream announcement:
http://htmlpurifier.org/news/2010/0531-4.1.1-released

Fix:
http://repo.or.cz/w/htmlpurifier.git/commit/d3abcb90e30592c619047d878cf9c72b7c5836a3

This one is required for the fix to apply (the change is overwritten by the 
fix):
http://repo.or.cz/w/htmlpurifier.git/commit/da94d3d6acdf417ac890426eb1fd239ba62b042d

Could a CVE id be assigned?

Thanks in advance.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Previous By Date Next
Previous By Thread Next

Current thread: