david b
2011-Mar-13 09:43 UTC
[Secure-testing-team] Bug#617998: python-feedparser: please update feedparser, it hasn't been updated in a _long_ time
Package: python-feedparser
Version: 4.1-14
Severity: grave
Tags: security
Justification: user security hole

Please update the version of python-feedparser found in Debian to something recent:

The following bugs will then be fixed:

1. Issue 195: XSS vulnerability in feedparser
   http://code.google.com/p/feedparser/issues/detail?id=195&can=1&start=100
2. Issue 255: html sanitizer doesn't strip unsafe uri schemes
   http://code.google.com/p/feedparser/issues/detail?id=255&can=1&start=200
3. Issue 254: html sanitisation can be bypassed with malformed comments
   http://code.google.com/p/feedparser/issues/detail?id=254&can=1&start=200

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37.3 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-feedparser depends on:
ii  python          2.6.6-3+squeeze5  interactive high-level object-orie
ii  python-support  1.0.10            automated rebuilding support for P

Versions of packages python-feedparser recommends:
pn  python-chardet   <none>  (no description available)
pn  python-libxml2   <none>  (no description available)
pn  python-utidylib  <none>  (no description available)

python-feedparser suggests no packages.

-- no debconf information