oss-sec mailing list archives

Re: CVE request for python-feedparser


From: Josh Bressers <bressers () redhat com>
Date: Tue, 15 Mar 2011 16:28:22 -0400 (EDT)


----- Original Message -----
python-feedparser 5.0.1 fixes three flaws:

https://code.google.com/p/feedparser/

* Fix issue 91 (invalid text in XML declaration causes sanitizer to
crash)

https://code.google.com/p/feedparser/issues/detail?id=91

Use CVE-2011-1156


* Fix issue 254 (sanitization can be bypassed by malformed XML
comments)

https://code.google.com/p/feedparser/issues/detail?id=254

Use CVE-2011-1157


* Fix issue 255 (sanitizer doesn't strip unsafe URI schemes)

https://code.google.com/p/feedparser/issues/detail?id=255

Use CVE-2011-1158

Thanks.

-- 
    JB

