[Bug 582576] Re: XSS in HTML purifier 3.0.0 and 4.0.0

[Thorsten Glaser]

François Marier: would you be interested in helping with the package’s development?
I’m doing this as part of my work on FusionForge, but we don’t have any real test
cases, and so I’m usually wary of uploading anything in fear of breaking things…
drop me (tg at d.o) an eMail if you’re interested…

-- 
XSS in HTML purifier 3.0.0 and 4.0.0
https://bugs.launchpad.net/bugs/582576
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.

Status in “php-htmlpurifier” package in Ubuntu: Triaged
Status in “php-htmlpurifier” source package in Lucid: New
Status in “php-htmlpurifier” source package in Maverick: Triaged
Status in “php-htmlpurifier” source package in Karmic: New

Bug description:
Binary package hint: php-htmlpurifier

>From the HTML Purifier 4.1.1 release announcement:

"HTML Purifier 4.1.1 is a major security and bugfix release that improves on 4.1's fix for an XSS vulnerability exploitable on Internet Explorer."

I couldn't find a CVE number or any details as to what this is. All I got was this:

  http://secunia.com/advisories/39613/

Both karmic and lucid are affected by this problem.