Your message dated Wed, 07 Mar 2018 19:37:42 +0000
with message-id <e1etesg-000em4...@fasolo.debian.org>
and subject line Bug#892252: fixed in python-bleach 2.1.3-1
has caused the Debian Bug report #892252,
regarding src:python-bleach: URI values with character entities not properly 
sanitized
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
892252: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892252
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:python-bleach
Version: 2.1.2-1
Severity: important
Tags: upstream, security


Version 2.1.3 (March 5th, 2018)
-------------------------------

**Security fixes**

* Attributes that have URI values weren't properly sanitized if the
  values contained character entities. Using character entities, it
  was possible to construct a URI value with a scheme that was not
  allowed that would slide through unsanitized.

  This security issue was introduced in Bleach 2.1. Anyone using
Bleach 2.1 is highly encouraged to upgrade.

--- End Message ---
--- Begin Message ---
Source: python-bleach
Source-Version: 2.1.3-1

We believe that the bug you reported is fixed in the latest version of
python-bleach, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <sc...@kitterman.com> (supplier of updated python-bleach 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 07 Mar 2018 14:07:14 -0500
Source: python-bleach
Binary: python-bleach python3-bleach python-bleach-doc
Architecture: source all
Version: 2.1.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team 
<python-modules-team@lists.alioth.debian.org>
Changed-By: Scott Kitterman <sc...@kitterman.com>
Description:
 python-bleach - whitelist-based HTML-sanitizing library (Python 2)
 python-bleach-doc - whitelist-based HTML-sanitizing library (common 
documentation)
 python3-bleach - whitelist-based HTML-sanitizing library (Python 3)
Closes: 892252
Changes:
 python-bleach (2.1.3-1) unstable; urgency=high
 .
   [ Ondřej Nový ]
   * d/control: Set Vcs-* to salsa.debian.org
   * d/copyright: Use https protocol in Format field
 .
   [ Scott Kitterman ]
   * New upstream release (Closes: #892252)
Checksums-Sha1:
 1a60f9aa866bc1ef83406077036df428639bc18d 2624 python-bleach_2.1.3-1.dsc
 978e10156c57eb556f9b4c3cd5b1c213e9c41e2c 50496 python-bleach_2.1.3.orig.tar.gz
 747c726323e8cf60276980fb0e496954560311ff 3232 
python-bleach_2.1.3-1.debian.tar.xz
 1fe59e78338bdf5df9c6673cf732b25ec2b4c8a1 56192 
python-bleach-doc_2.1.3-1_all.deb
 bae2c40a0e49ba60b2e1ea7192b7aebd695e6134 22096 python-bleach_2.1.3-1_all.deb
 fecece504f502cae07ff1617129e624904947e13 7920 
python-bleach_2.1.3-1_amd64.buildinfo
 792c79628b4fb102d10faeb963c7a2a7c270207d 22196 python3-bleach_2.1.3-1_all.deb
Checksums-Sha256:
 cd13b632d25f656bf7dc24cc043de88d9af255d00a1c31c3216d08ef3993fd79 2624 
python-bleach_2.1.3-1.dsc
 2efa88ba7a17032436f1e1d337601a6b6551ed734da21a39a53f5bee543ea2de 50496 
python-bleach_2.1.3.orig.tar.gz
 1fec610cffa64f6fbf680696d8a0a4b200847f552efc6b2d6262f6e2355474e3 3232 
python-bleach_2.1.3-1.debian.tar.xz
 911abce1576cbb06899e3c175ad1c7a1b4bf455e14b3ba83355cf061be6a5e8a 56192 
python-bleach-doc_2.1.3-1_all.deb
 fc7163758c3480333fd4dbd6d849e02c149c497c2605e643a1c71bfb4fc95fc8 22096 
python-bleach_2.1.3-1_all.deb
 8e054d9218a0624dd1001ee86229f1005116ab6640786c829d6498752c7cad21 7920 
python-bleach_2.1.3-1_amd64.buildinfo
 8e8f5e77108655d1b511687f50e589519a89943f81cd93cdea58fee3586bd90f 22196 
python3-bleach_2.1.3-1_all.deb
Files:
 28af1f79c63f7bb399080e9453bb90cd 2624 python optional python-bleach_2.1.3-1.dsc
 16c3466551d3a5a369a563b5bca5ee44 50496 python optional 
python-bleach_2.1.3.orig.tar.gz
 abfb339412e9249a77b1fefb0c8e5ca2 3232 python optional 
python-bleach_2.1.3-1.debian.tar.xz
 d9383de580c49571bd56f5b57947e3a8 56192 doc optional 
python-bleach-doc_2.1.3-1_all.deb
 c4aba956290324467429200ee30c250b 22096 python optional 
python-bleach_2.1.3-1_all.deb
 676a843856bd9ca91a3a0b369385b98a 7920 python optional 
python-bleach_2.1.3-1_amd64.buildinfo
 381103e844afc32ddaada6310ec0c1cf 22196 python optional 
python3-bleach_2.1.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJaoDssAAoJEHjX3vua1ZrxkvQQAKsVwPIsLwlsyysQgOosqwEi
SLaYLC7TqJeDqf2hA61pHB4ys1gFmFQm2hprePMDFJBPcOdzfFaODKzzc3n71IRm
3my6QQSOAM/GPBDZ+O0nBfDkJQBobXNgcr/tf+xkBF7alQSMTs6Zk/syokJtplQq
QiWU3LoPa3mmR/CHU0rW9odUSycu/ROPCNAXzPDSpJ+dvxxgE/RfSEx7BithP2N7
/gkJQ8zzCv2O3SGXtBgj4agRnvfgLS1Q/bjVj8JUujknCB10+2sSouWLFRjcDlZ2
I2IGCciieGnL2rFT7Q4FEX8H88gnJT7l+HIqwW13BSScYw5c6WRzK7wFu2fgwBd8
5tmAhat1qfyh16nXlkrqkn1InvhXPRG2nD5HtiGFIu4+Fiqatequg3Z3PYkE9sv/
1PrfXYFoplnGZ3IHqaODsrikHMH7kppe8tXh5HG/wFMX7X2Jb92HinUlYz7ViOo9
KDrVGiGQ+2k7Brd9XqfEZujes91fgsliFQkl4iWdodagYPkZbX4mdoQS9EaHhLfA
F8DKtZvw8i7WPF0285WvtJzUEmPOm9aBGPJEOiuw6smTMueh62GMMh/r4s9wjEUN
g97RRyuqoxtQOiDIfFyvY1I45mcWpCUnYX+FaA+qMDD+JZYsc5iQNVVhKE2xKqDo
CjLGInegdh2fa/NSD2K7
=WxvH
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team

Reply via email to