[Secure-testing-commits] r47184 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Sat Dec 17 20:03:16 UTC 2016
Author: apo
Date: 2016-12-17 20:03:16 +0000 (Sat, 17 Dec 2016)
New Revision: 47184
Modified:
data/CVE/list
Log:
CVE-2016-9910,CVE-2016-9909,html5lib: Mark both issues as no-dsa for Wheezy
Apparently this affects only older browsers and is mitigated in newer ones.
Since the fix requires an API change, this is potentially dangerous for
html5lib's reverse-dependencies. All in all I think it is a minor issue and the
risks are greater than the benefits.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-17 19:02:14 UTC (rev 47183)
+++ data/CVE/list 2016-12-17 20:03:16 UTC (rev 47184)
@@ -1610,6 +1610,7 @@
RESERVED
- html5lib 0.999999999-1
[jessie] - html5lib <no-dsa> (Minor issue)
+ [wheezy] - html5lib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
@@ -1617,6 +1618,7 @@
RESERVED
- html5lib 0.999999999-1
[jessie] - html5lib <no-dsa> (Minor issue)
+ [wheezy] - html5lib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
More information about the Secure-testing-commits
mailing list