Bug#803943: libhtml-scrubber-perl: CVE-2015-5667: cross-site scripting vulnerability in comments
Niko Tyni
ntyni at debian.org
Tue Nov 3 14:10:53 UTC 2015
Package: libhtml-scrubber-perl
Version: 0.08-4
Severity: important
Tags: security squeeze wheezy jessie
Control: fixed -1 0.15-1
From <https://security-tracker.debian.org/tracker/CVE-2015-5667>:
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module
before 0.15 for Perl, when the comment feature is enabled, allows remote
attackers to inject arbitrary web script or HTML via a crafted comment.
Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
This is fixed in unstable already. Presumably oldoldstable, oldstable,
and stable are affected. I haven't looked at whether the patch applies
to the older releases.
--
Niko Tyni ntyni at debian.org