mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-19 03:52:17 +00:00
security/vuxml: document py-bleach issue
PR: 226851
This commit is contained in:
parent
d21a40b927
commit
ddb9b76c52
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=475440
@ -58,6 +58,37 @@ Notes:
|
||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="e97a8852-32dd-4291-ba4d-92711daff056">
|
||||
<topic>py-bleach -- unsanitized character entities</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>py27-bleach</name>
|
||||
<name>py36-bleach</name>
|
||||
<range><ge>2.1.0</ge><lt>2.1.3</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>bleach developer reports:</p>
|
||||
<blockquote cite="https://github.com/mozilla/bleach/blob/v2.1.3/CHANGES">
|
||||
<p>Attributes that have URI values weren't properly sanitized if the
|
||||
values contained character entities. Using character entities, it
|
||||
was possible to construct a URI value with a scheme that was not
|
||||
allowed that would slide through unsanitized.</p>
|
||||
<p>This security issue was introduced in Bleach 2.1. Anyone using
|
||||
Bleach 2.1 is highly encouraged to upgrade.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>https://github.com/mozilla/bleach/blob/v2.1.3/CHANGES</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2018-03-05</discovery>
|
||||
<entry>2018-07-27</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="07d04eef-d8e2-11e6-a071-001e67f15f5a">
|
||||
<topic>lshell -- Shell autocomplete reveals forbidden directories</topic>
|
||||
<affects>
|
||||
|
Loading…
Reference in New Issue
Block a user