Your message dated Thu, 08 Apr 2021 16:03:41 +0000
with message-id <e1lux89-0000ps...@fasolo.debian.org>
and subject line Bug#986251: fixed in python-bleach 3.2.1-2.1
has caused the Debian Bug report #986251,
regarding python-bleach: CVE-2021-23980
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
986251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986251
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-bleach
Version: 3.2.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for python-bleach.

CVE-2021-23980[0]:
| mutation XSS via allowed math or svg; p or br; and style, title,
| noscript, script, textarea, noframes, iframe, or xmp tags with
| strip_comments=False

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-23980
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23980
[1] https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1689399

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
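As an added example (not part of the bug report and not bleach's own code), the following static check finds `bleach.clean()` / `Cleaner()` call sites in Python source whose keyword arguments match the condition in the CVE-2021-23980 description above. It assumes the description means one allowed tag from each of the three groups together with `strip_comments=False`; the function names are hypothetical.

```python
import ast

# Tag groups from the CVE-2021-23980 description, read as "one from each group".
NAMESPACE_TAGS = {"math", "svg"}
BREAK_TAGS = {"p", "br"}
RAW_TEXT_TAGS = {"style", "title", "noscript", "script", "textarea",
                 "noframes", "iframe", "xmp"}
_DYNAMIC = object()  # marks an argument whose value is only known at runtime

def tags_match(tags):
    """True when the allowed tags contain at least one tag from every group."""
    tags = {str(t).lower() for t in tags}
    return all(tags & g for g in (NAMESPACE_TAGS, BREAK_TAGS, RAW_TEXT_TAGS))

def _literal(node):
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError):
        return _DYNAMIC

def find_affected_calls(source):
    """Return sorted (line, verdict) pairs; only keyword arguments are inspected."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
        if name not in ("clean", "Cleaner"):
            continue
        kwargs = {kw.arg: _literal(kw.value) for kw in node.keywords if kw.arg}
        strip_comments = kwargs.get("strip_comments", True)  # bleach's default
        tags = kwargs.get("tags", ())  # bleach's default tags have no math/svg
        if not isinstance(tags, (list, tuple, set)):
            tags = _DYNAMIC
        if strip_comments is True or (tags is not _DYNAMIC and not tags_match(tags)):
            continue
        certain = strip_comments is False and tags is not _DYNAMIC
        findings.append((node.lineno, "affected" if certain else "review"))
    return sorted(findings)

# Constructed sample source, not taken from any real project.
SAMPLE = '''
bleach.clean(body, tags=["svg", "p", "style"], strip_comments=False)
bleach.clean(body, tags=["svg", "p", "style"])
Cleaner(tags=["math", "br", "title"], strip_comments=keep).clean(body)
bleach.clean(body, tags=user_tags, strip_comments=False)
bleach.clean(body, tags=["b", "i"], strip_comments=False)
'''

if __name__ == "__main__":
    print(find_affected_calls(SAMPLE))
```

A verdict of `review` means one of the two arguments is computed at runtime and has to be traced by hand.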
--- Begin Message ---
Source: python-bleach
Source-Version: 3.2.1-2.1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-bleach, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated python-bleach package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Apr 2021 17:17:55 +0200
Source: python-bleach
Architecture: source
Version: 3.2.1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 986251
Changes:
 python-bleach (3.2.1-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * sanitizer: escape HTML comments (CVE-2021-23980) (Closes: #986251)
   * tests: add tests for more eject tags for GHSA-vv2x-vrpj-qqpq

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
