[Python-modules-team] Bug#954236: Proposed Buster Fix (python3-bleach: New security issue: mutation XSS (again))

Salvatore Bonaccorso carnil at debian.org
Thu Mar 19 22:24:22 GMT 2020


Hi Scott,

On Thu, Mar 19, 2020 at 12:20:25AM -0400, Scott Kitterman wrote:
> Upstream's 3.1.2 release had just the security fix in it.  I propose updating
> buster with it (I put 3.1.3 in unstable, but it had non-security fixes in it).
> 
> I'm not 100% sure whether we need to modify the import path for the new test
> since we don't use the vendored html5lib, but other than that (which I will
> investigate), this should be good.

Given that we released a DSA for the similar issue CVE-2020-6802 for
buster, we can do the same now for this issue (it has been assigned
CVE-2020-6816).

Your plan to rebase to 3.1.2 looks good to me.

Once you have the update ready, please just come back to us. If
possible, add the CVE id reference now that it has been assigned, but more
importantly please adjust debian/changelog (the target
distribution needs to be buster-security).

Many thanks for your work!

Regards,
Salvatore
