[Bug 582576] Re: XSS in HTML purifier 3.0.0 and 4.0.0
Launchpad Bug Tracker
582576 at bugs.launchpad.net
Sun Jun 20 09:17:10 BST 2010
This bug was fixed in the package php-htmlpurifier - 4.1.1+dfsg1-1
---------------
php-htmlpurifier (4.1.1+dfsg1-1) unstable; urgency=high

  * New upstream release; upstream WHATSNEW says:
    | HTML Purifier 4.1.1 is a major security and bugfix release that
    | improves on 4.1's fix for an XSS vulnerability exploitable on Internet
    | Explorer. It also contains a number of important bugfixes, including
    | the removal of improper logic that could result in infinite loops and
    | fixed parsing for single-attributes with entities with DirectLex.
  * Set urgency=high due to second attempt at XSS bugfix, no CVE number
    (SA39613) (Closes: #586061) (LP: #582576)
  * /usr/share/php-htmlpurifier/tests/index.php no longer has a shebang,
    so do not chmod +x it

 -- Ubuntu Archive Auto-Sync <archive at ubuntu.com> Sun, 20 Jun 2010 09:07:52 +0100
** Changed in: php-htmlpurifier (Ubuntu Maverick)
Status: Triaged => Fix Released
--
XSS in HTML purifier 3.0.0 and 4.0.0
https://bugs.launchpad.net/bugs/582576
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
Status in “php-htmlpurifier” package in Ubuntu: Fix Released
Status in “php-htmlpurifier” source package in Lucid: New
Status in “php-htmlpurifier” source package in Maverick: Fix Released
Status in “php-htmlpurifier” source package in Karmic: New
Bug description:
Binary package hint: php-htmlpurifier
From the HTML Purifier 4.1.1 release announcement:
"HTML Purifier 4.1.1 is a major security and bugfix release that improves on 4.1's fix for an XSS vulnerability exploitable on Internet Explorer."
I couldn't find a CVE number or any details as to what this is. All I got was this:
http://secunia.com/advisories/39613/
Both karmic and lucid are affected by this problem.