[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-6802/python-bleach as no-dsa (ignored) for stretch
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 28 20:56:07 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b900421 by Salvatore Bonaccorso at 2020-02-28T21:54:05+01:00
Mark CVE-2020-6802/python-bleach as no-dsa (ignored) for stretch
There is a possibility to address the issue by backporting 3.1.1 to stretch
and using the vendored html5lib. This does not work out of the box and
might bring some additional risks with it. (For now) further ignore the
issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -314,6 +314,7 @@ CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Set
CVE-2020-6802 [mutation XSS vulnerability]
RESERVED
- python-bleach 3.1.1-1 (bug #951907)
+ [stretch] - python-bleach <ignored> (Requires invasive changes to address issue)
[jessie] - python-bleach <ignored> (Fix too invasive in jessie; uses external html5 parser)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
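Review bot: The reason on the added [stretch] line, "(Requires invasive changes to address issue)", does not say what the invasive change is, while the [jessie] line directly below names its cause (the external html5 parser). The commit message explains that the fix would mean backporting 3.1.1 and using the vendored html5lib, which does not work out of the box; consider carrying that into the parenthetical, for example "(Fix needs 3.1.1 backport with vendored html5lib; too invasive)". The commit message also says "(For now)", so a reader of data/CVE/list who revisits this entry later would otherwise have to find this commit to learn what blocked the fix.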
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b9004219b5fe66e207fd978cd80e45caadc6e60