[pkg-php-pear] Bug#764885: Security flaws in the current Debian version

David Prévot taffit at debian.org
Sat Oct 11 20:57:25 UTC 2014

Package: php-htmlpurifier
Version: 4.4.0+dfsg1-1
Severity: serious
Tags: security


HTMLPurifier 4.6.0, published almost a year ago, “is a major security
release, fixing numerous bad quadratic asymptotics in HTML Purifier's
core algorithms.” according to upstream changelog. “Additionally, the
secure URI munging algorithm has changed to do a proper HMAC.”

You may wish to maintain this package inside the PHP PEAR Maintainers
team and take advantage of the pkg-php-tools helper.



-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php-htmlpurifier depends on:
ii  php5  5.6.0+dfsg-1

Versions of packages php-htmlpurifier recommends:
ii  php5-cli  5.6.0+dfsg-1+b1

php-htmlpurifier suggests no packages.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20141011/05e8caf6/attachment.sig>

More information about the pkg-php-pear mailing list