Your message dated Sat, 28 Oct 2017 02:55:32 +0000
with message-id <[email protected]>
and subject line Bug#879098: fixed in mistune 0.8-1
has caused the Debian Bug report #879098,
regarding mistune: CVE-2017-15612: cross-site scripting vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
879098: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879098
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: mistune
Version: 0.7.4-1
Severity: important
Tags: patch security upstream
Control: found -1 0.7.3-1

Hi,

the following vulnerability was published for mistune.

CVE-2017-15612[0]:
| mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such
| as in java\nscript:) or a crafted email address, related to the escape
| and autolink functions.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15612
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15612
[1] https://github.com/lepture/mistune/pull/140

Regards,
Salvatore

--- End Message ---
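
The newline case in the CVE description above, as an added example (not code from the bug report or from mistune): a prefix check on the raw string accepts `java\nscript:`, while browsers drop tab and newline characters before resolving the scheme, so the hardened function normalizes first and then allowlists schemes. The function names, the allowlist and the sample URLs are assumptions constructed for this illustration.

```python
import html
import re

# Assumption: schemes this example accepts in rendered links.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
_TAB_NEWLINE = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")
_C0_AND_SPACE = "".join(map(chr, range(0x21)))  # U+0000 .. U+0020


def naive_is_safe(url):
    """Weak check: compares the raw string against one blocked prefix."""
    return not url.lower().startswith("javascript:")


def browser_view(url):
    """Approximate URL preprocessing in browsers: trim leading/trailing
    C0 controls and spaces, then remove every tab, LF and CR."""
    return _TAB_NEWLINE.sub("", url.strip(_C0_AND_SPACE))


def safe_href(url):
    """Return an attribute-safe href, or '' if the scheme is not allowlisted.
    URLs without a scheme (relative links) are kept."""
    normalized = browser_view(url)
    match = _SCHEME.match(normalized)
    if match and match.group(1).lower() not in ALLOWED_SCHEMES:
        return ""
    # Escape &, <, > and both quote characters for use inside an attribute.
    return html.escape(normalized, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the bug report.
    samples = [
        "java\nscript:void(0)",
        " \tJaVaScRiPt:void(0)",
        "https://example.org/?a=1&b=2",
        "/docs/page",
        'mailto:a"b@example.com',
    ]
    for raw in samples:
        print(repr(raw), "naive_ok=%s" % naive_is_safe(raw),
              "href=%r" % safe_href(raw))
```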
--- Begin Message ---
Source: mistune
Source-Version: 0.8-1

We believe that the bug you reported is fixed in the latest version of
mistune, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Puydt <[email protected]> (supplier of updated mistune package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 27 Oct 2017 10:23:54 +0200
Source: mistune
Binary: python-mistune python3-mistune
Architecture: source
Version: 0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Julien Puydt <[email protected]>
Description:
 python-mistune - Markdown parser for Python 2
 python3-mistune - Markdown parser for Python 3
Closes: 879098
Changes:
 mistune (0.8-1) unstable; urgency=medium
 .
   * Bump d/watch to version 4.
   * Bump std-ver to 4.1.1.
   * New upstream release (Closes: #879098 [CVE-2017-15612]).
   * Bump dh compat to 10.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---