[Python-modules-commits] [python-werkzeug] 01/01: Fix XSS in debugger

Ondřej Nový onovy at moszumanska.debian.org
Thu Sep 8 18:29:21 UTC 2016 

This is an automated email from the git hooks/post-receive script.

onovy pushed a commit to branch jessie
in repository python-werkzeug.

commit 54c5db04f0cc721cf06f77575f7af2968626e07c
Author: Ondřej Nový <onovy at debian.org>
Date:   Thu Sep 8 20:23:10 2016 +0200

    Fix XSS in debugger
---
 debian/changelog                  |  6 ++++++
 debian/patches/debugger_xss.patch | 14 ++++++++++++++
 debian/patches/series             |  1 +
 3 files changed, 21 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 78aa97e..db9ff55 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-werkzeug (0.9.6+dfsg-1+deb8u1) jessie-proposed-updates; urgency=medium
+
+  * Fix XSS in debugger
+
+ -- Ondřej Nový <onovy at debian.org>  Thu, 08 Sep 2016 20:20:05 +0200
+
 python-werkzeug (0.9.6+dfsg-1) unstable; urgency=medium
 
   * New upstream release
diff --git a/debian/patches/debugger_xss.patch b/debian/patches/debugger_xss.patch
new file mode 100644
index 0000000..71b7a72
--- /dev/null
+++ b/debian/patches/debugger_xss.patch
@@ -0,0 +1,14 @@
+Description: Fix XSS in debugger
+Origin: https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
+
+--- a/werkzeug/debug/tbtools.py
++++ b/werkzeug/debug/tbtools.py
+@@ -337,7 +337,7 @@
+             'exception':        exc,
+             'exception_type':   escape(self.exception_type),
+             'summary':          self.render_summary(include_title=False),
+-            'plaintext':        self.plaintext,
++            'plaintext':        escape(self.plaintext),
+             'plaintext_cs':     re.sub('-{2,}', '-', self.plaintext),
+             'traceback_id':     self.id,
+             'secret':           secret
diff --git a/debian/patches/series b/debian/patches/series
index 301a669..b85f9d2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 drop_ubuntu_font.patch
 13218de4.patch
 0bad0c25.patch
+debugger_xss.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-werkzeug.git

More information about the Python-modules-commits mailing list