[pkg-php-pear] Bug#764885: Security flaws in the current Debian version
David Prévot
taffit at debian.org
Sat Oct 11 20:57:25 UTC 2014
Package: php-htmlpurifier
Version: 4.4.0+dfsg1-1
Severity: serious
Tags: security
Hi,
HTMLPurifier 4.6.0, published almost a year ago, “is a major security
release, fixing numerous bad quadratic asymptotics in HTML Purifier's
core algorithms.” according to upstream changelog. “Additionally, the
secure URI munging algorithm has changed to do a proper HMAC.”
You may wish to maintain this package inside the PHP PEAR Maintainers
team and take advantage of the pkg-php-tools helper.
Regards
David
-- System Information:
Debian Release: jessie/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php-htmlpurifier depends on:
ii php5 5.6.0+dfsg-1
Versions of packages php-htmlpurifier recommends:
ii php5-cli 5.6.0+dfsg-1+b1
php-htmlpurifier suggests no packages.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20141011/05e8caf6/attachment.sig>
More information about the pkg-php-pear
mailing list