oss-sec mailing list archives
Re: CVE request: HTML Purifier
From: Josh Bressers <bressers () redhat com>
Date: Wed, 30 Jun 2010 15:26:30 -0400 (EDT)
Please use CVE-2010-2479 Thanks. -- JB ----- "Raphael Geissert" <geissert () debian org> wrote:
Hi, HTML Purifier 4.1.1 fixes an IE-specific XSS vulnerability. Upstream announcement: http://htmlpurifier.org/news/2010/0531-4.1.1-released Fix: http://repo.or.cz/w/htmlpurifier.git/commit/d3abcb90e30592c619047d878cf9c72b7c5836a3 This one is required for the fix to apply (the change is overwritten by the fix): http://repo.or.cz/w/htmlpurifier.git/commit/da94d3d6acdf417ac890426eb1fd239ba62b042d Could a CVE id be assigned? Thanks in advance. Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE request: HTML Purifier Raphael Geissert (Jun 30)
- Re: CVE request: HTML Purifier Josh Bressers (Jun 30)