Package: libhtml-scrubber-perl
Version: 0.08-4
Severity: important
Tags: security squeeze wheezy jessie
Control: fixed -1 0.15-1

>From <https://security-tracker.debian.org/tracker/CVE-2015-5667>:

  Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module
  before 0.15 for Perl, when the comment feature is enabled, allows remote
  attackers to inject arbitrary web script or HTML via a crafted comment.

  Upstream fix: 
https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd

This is fixed in unstable already. Presumably oldoldstable, oldstable,
and stable are affected.  I haven't looked at whether the patch applies
to the older releases.
-- 
Niko Tyni   [email protected]

Reply via email to