Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4b900421 by Salvatore Bonaccorso at 2020-02-28T21:54:05+01:00
Mark CVE-2020-6802/python-bleach as no-dsa (ignored) for stretch
There is a possibility to address the issue by backporting 3.1.1 to stretch
and using the vendored html5lib. This does not work out of the box and
might bring some additional risks with it. (For now) further ignore the
issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -314,6 +314,7 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the
Admin Dashboard -> Set
CVE-2020-6802 [mutation XSS vulnerability]
RESERVED
- python-bleach 3.1.1-1 (bug #951907)
+ [stretch] - python-bleach <ignored> (Requires invasive changes to
address issue)
[jessie] - python-bleach <ignored> (Fix too invasive in jessie; uses
external html5 parser)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
NOTE:
https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
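Review bot: The reason on the added [stretch] line, "Requires invasive changes to address issue", is vaguer than the [jessie] line directly below it, which names the cause (external html5 parser). The commit message carries the concrete rationale: a 3.1.1 backport would have to use the vendored html5lib and does not work out of the box. Suggest putting that into the parenthetical, e.g. "(Fix needs 3.1.1 backport with vendored html5lib)", so the decision can be understood from data/CVE/list alone. The message also says "(For now)", which the entry does not convey; if a revisit is intended, a NOTE line saying so would make that visible to whoever triages stretch next.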
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b9004219b5fe66e207fd978cd80e45caadc6e60