This bug was fixed in the package php-htmlpurifier - 4.1.1+dfsg1-1
---------------
php-htmlpurifier (4.1.1+dfsg1-1) unstable; urgency=high
  * New upstream release; upstream WHATSNEW says:
    | HTML Purifier 4.1.1 is a major security and bugfix release that
    | improves on 4.1's fix for an XSS vulnerability exploitable on Internet
    | Explorer. It also contains a number of important bugfixes, including
    | the removal of improper logic that could result in infinite loops and
    | fixed parsing for single-attributes with entities with DirectLex.
  * Set urgency=high due to second attempt at XSS bugfix, no CVE number
    (SA39613) (Closes: #586061) (LP: #582576)
  * /usr/share/php-htmlpurifier/tests/index.php no longer has a shebang,
    so do not chmod +x it
 -- Ubuntu Archive Auto-Sync <[email protected]> Sun, 20 Jun 2010 09:07:52 +0100
** Changed in: php-htmlpurifier (Ubuntu Maverick)
Status: Triaged => Fix Released
--
XSS in HTML purifier 3.0.0 and 4.0.0
https://bugs.launchpad.net/bugs/582576