Your message dated Mon, 19 Apr 2021 19:17:08 +0000
with message-id <e1lyzoo-000ayf...@fasolo.debian.org>
and subject line Bug#986251: fixed in python-bleach 3.1.2-0+deb10u2
has caused the Debian Bug report #986251,
regarding python-bleach: CVE-2021-23980
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
986251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986251
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: python-bleach
Version: 3.2.1-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for python-bleach.
CVE-2021-23980[0]:
| mutation XSS via allowed math or svg; p or br; and style, title,
| noscript, script, textarea, noframes, iframe, or xmp tags with
| strip_comments=False
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-23980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23980
[1] https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1689399
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
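Added example (not part of the Debian report or of bleach itself): a small static audit that flags `bleach.clean(...)` calls whose literal arguments meet every precondition listed in the CVE description above. The function names, verdict strings and sample input are made up for illustration, and an omitted `tags` argument is treated as safe on the assumption that bleach's default allow-list contains none of the listed tags.

```python
import ast

# Tag groups from the CVE-2021-23980 description quoted in the report.
GROUPS = ({"math", "svg"}, {"p", "br"},
          {"style", "title", "noscript", "script", "textarea", "noframes", "iframe", "xmp"})


def config_matches_cve(tags, strip_comments):
    """True when the allow-list hits every tag group and comments are kept."""
    tags = {str(t).lower() for t in tags}
    return strip_comments is False and all(tags & group for group in GROUPS)


def _literal(node):  # value of a literal argument, or None when it is not one
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError, SyntaxError):
        return None


def audit_source(source):
    """Return sorted (line, verdict) pairs for bleach.clean(...) calls in source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        func = getattr(node, "func", None)  # only ast.Call nodes carry .func
        if not (isinstance(func, ast.Attribute) and func.attr == "clean"
                and getattr(func.value, "id", None) == "bleach"):
            continue
        kw = {k.arg: k.value for k in node.keywords if k.arg}
        # Assumption: strip_comments is passed by keyword; bleach defaults it to True.
        strip = _literal(kw["strip_comments"]) if "strip_comments" in kw else True
        tags_node = kw.get("tags", node.args[1] if len(node.args) > 1 else None)
        tags = None if tags_node is None else _literal(tags_node)
        if strip is True or tags_node is None:
            verdict = "ok"      # comments stripped, or bleach's default allow-list
        elif strip is False and isinstance(tags, (list, tuple, set)):
            verdict = "affected" if config_matches_cve(tags, strip) else "ok"
        else:
            verdict = "review"  # an argument is not a literal; check by hand
        findings.append((node.lineno, verdict))
    return sorted(findings)


# Constructed sample input, not taken from any real project.
SAMPLE = """\
bleach.clean(text)
bleach.clean(text, tags=["svg", "p", "style"], strip_comments=False)
bleach.clean(text, tags=["b", "i"], strip_comments=False)
bleach.clean(text, tags=MY_TAGS, strip_comments=False)
"""
```

A call reported as "affected" still needs the fixed package version from the upload notice below; "review" means the audit could not resolve an argument statically.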
--- Begin Message ---
Source: python-bleach
Source-Version: 3.1.2-0+deb10u2
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
python-bleach, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 986...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated python-bleach package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 15 Apr 2021 20:57:08 +0200
Source: python-bleach
Architecture: source
Version: 3.1.2-0+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 986251
Changes:
python-bleach (3.1.2-0+deb10u2) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* sanitizer: escape HTML comments (CVE-2021-23980) (Closes: #986251)
* tests: add tests for more eject tags for GHSA-vv2x-vrpj-qqpq
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---