Bug#803943: libhtml-scrubber-perl: CVE-2015-5667: cross-site scripting vulnerability in comments
Raphael Hertzog
hertzog at debian.org
Tue Nov 3 15:39:03 UTC 2015
Control: fixed -1 0.08-4+deb6u1
On Tue, 03 Nov 2015, Niko Tyni wrote:
> > This is fixed in unstable already. Presumably oldoldstable, oldstable,
> > and stable are affected. I haven't looked at whether the patch applies
> > to the older releases.
>
> Security team: could you please add this bug number to the tracker?
> I assume this is to be handled via stable updates rather than DSAs?
I updated the tracker with this bug number. And I am releasing DLA 339-1
for squeeze since I just uploaded 0.08-4+deb6u1 with a fix to squeeze-lts.
I have pushed my work in the squeeze branch of the corresponding pkg-perl
git repository.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
More information about the pkg-perl-maintainers
mailing list