Package: libhtml-scrubber-perl Version: 0.08-4 Severity: important Tags: security squeeze wheezy jessie Control: fixed -1 0.15-1
>From <https://security-tracker.debian.org/tracker/CVE-2015-5667>: Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd This is fixed in unstable already. Presumably oldoldstable, oldstable, and stable are affected. I haven't looked at whether the patch applies to the older releases. -- Niko Tyni [email protected]

