Control: retitle -1 python-bleach: CVE-2018-7753: URI values with character entities not properly sanitized
Hi Scott,

On Wed, Mar 07, 2018 at 02:09:14AM -0500, Scott Kitterman wrote:
> Package: src:python-bleach
> Version: 2.1.2-1
> Severity: important
> Tags: upstream, security
>
>
> Version 2.1.3 (March 5th, 2018)
> -------------------------------
>
> **Security fixes**
>
> * Attributes that have URI values weren't properly sanitized if the
>   values contained character entities. Using character entities, it
>   was possible to construct a URI value with a scheme that was not
>   allowed that would slide through unsanitized.
>
>   This security issue was introduced in Bleach 2.1. Anyone using
>   Bleach 2.1 is highly encouraged to upgrade.

FTR, this issue was assigned CVE-2018-7753 by MITRE.

Regards,
Salvatore
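The changelog entry quoted in this message describes a scheme check that did not account for character entities in URI attribute values. The Python below is an added example for regression-testing that class of bug, not Bleach's code or its fix; the allowlist, function names and sample values are constructed for illustration.

```python
import html
import re

# Assumed allowlist for this example (not taken from Bleach's defaults).
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":"
_SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")
# Control characters, space and DEL, which can be hidden inside a scheme name.
_IGNORED_RE = re.compile(r"[\x00-\x20\x7f]+")


def naive_is_allowed(value):
    """Weak check: inspects the raw attribute text, entities still encoded."""
    match = _SCHEME_RE.match(value.strip())
    if match is None:
        return True  # no recognisable scheme, treated as a relative URL
    return match.group(1).lower() in ALLOWED_SCHEMES


def hardened_is_allowed(value):
    """Decode entities and drop ignorable characters before the scheme check."""
    decoded = html.unescape(value)              # &#106; -> j, &colon; -> :
    normalized = _IGNORED_RE.sub("", decoded)   # remove tabs, newlines, spaces
    match = _SCHEME_RE.match(normalized)
    if match is not None:
        return match.group(1).lower() in ALLOWED_SCHEMES
    # No valid scheme: accept only if no ":" appears before the path/query/fragment.
    head = re.split(r"[/?#]", normalized, maxsplit=1)[0]
    return ":" not in head


# Constructed sample attribute values (not from the bug report).
SAMPLES = [
    "https://example.com/",
    "/docs/page?x=1",
    "&#109;ailto:user@example.com",
    "&#106;avascript:void(0)",
    "java&#x09;script:void(0)",
    "javascript&colon;void(0)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: naive={naive_is_allowed(sample)} "
              f"hardened={hardened_is_allowed(sample)}")
```

The last three samples pass the naive check because the raw text has no parseable scheme, while the hardened check rejects them once the entities are resolved.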