[Bug 444111] [NEW] [FFe] Sync planet-venus 0~bzr116-1 (universe) from Debian unstable (main)

Andrew Starr-Bochicchio a.starr.b at gmail.com
Mon Oct 5 23:57:22 BST 2009 

Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/planet-venus
 status new
 importance wishlist
 subscribe ubuntu-universe-sponsors
 done


Please sync planet-venus 0~bzr116-1 (universe) from Debian unstable (main)

Needed to grab fix for CVE-2009-2937:

Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet 
Venus allows remote attackers to inject arbitrary web script or HTML 
via the SRC attribute of an IMG element in a feed. 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2937


Changelog entries since current karmic version 0~bzr95-2:

planet-venus (0~bzr116-1) unstable; urgency=high

  [ Piotr Ożarowski ]
  * New upstream snapshot (Closes: #546179 - CVE-2009-2937)
  * Add python-beautifulsoup to Recommends and python-lxml to Suggests
  * Remove .py[oc] files in clean rule
  * Standards-Version bumped to 3.8.3 (no changes needed)

  [ Noah Slater ]
  * Updated debian/rules to use clean and cleanbuilddir targets.
  * Updated patch for --help output to better satisfy GNU Coding Standards.
  * Updated debian/control, updated Vcs-Browser.
  * Updated debian/control, updated Build-Depends on debhelper to 7.2.11.

 -- Python Applications Packaging Team <python-apps-
team at lists.alioth.debian.org>  Thu, 01 Oct 2009 19:12:13 +0200

Upstream changes (generated from bzr log):

revno: 115
committer: Sam Ruby <rubys at rubixe>
branch nick: venus
timestamp: Wed 2009-09-09 10:54:21 -0400
message:
  Update to the lastest html5lib; replace feedparser's sanitizer with
  html5lib's
- ------------------------------------------------------------
revno: 114
committer: Sam Ruby <rubys at rubixe>
branch nick: venus
timestamp: Wed 2009-09-09 09:20:15 -0400
message:
  Remove deprecation warnings (and update httplib2)
- ------------------------------------------------------------
revno: 113
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Mon 2009-04-20 11:15:10 -0400
message:
  Move call to utime into write
- ------------------------------------------------------------
revno: 112
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Fri 2009-02-27 14:25:38 -0500
message:
  Add a meta charset
- ------------------------------------------------------------
revno: 111
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Fri 2009-02-27 10:35:42 -0500
message:
  https://bugzilla.mozilla.org/show_bug.cgi?id=463955
- ------------------------------------------------------------
revno: 110
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Wed 2009-02-25 15:22:03 -0500
message:
  Resync with feedparser
- ------------------------------------------------------------
revno: 109
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Fri 2009-01-09 09:46:48 -0500
message:
  make the subdirectory path in the test data explicit
  props: Dave Levy
- ------------------------------------------------------------
revno: 108
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Fri 2009-01-09 03:11:16 -0500
message:
  OPML top 100 changes
- ------------------------------------------------------------
revno: 107
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Mon 2008-10-13 15:47:02 -0400
message:
  title as default name in subscriptions too...
- ------------------------------------------------------------
revno: 106
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Sat 2008-10-11 11:21:25 -0400
message:
  Handle markup and unicode in titles as channel names
- ------------------------------------------------------------
revno: 105
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Fri 2008-10-10 08:54:21 -0400
message:
  reserve room where sidebar will later be painted
- ------------------------------------------------------------
revno: 104
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Fri 2008-10-10 08:52:59 -0400
message:
  Default channel_name to source title
- ------------------------------------------------------------
revno: 103
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Mon 2008-09-29 16:39:49 -0400
message:
  Handle nested svg/mathml; recover from feedparser mangling of xhtml
- ------------------------------------------------------------
revno: 102
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Mon 2008-09-29 16:20:01 -0400
message:
  HTML5 and Chrome fixes
- ------------------------------------------------------------
revno: 101
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Sat 2008-09-13 22:53:14 -0400
message:
  leave h1
- ------------------------------------------------------------
revno: 100
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Sat 2008-09-13 22:52:59 -0400
message:
  Choose last instead
- ------------------------------------------------------------
revno: 99
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Thu 2008-09-04 11:38:23 -0400
message:
  Suggest a font for the POI character
- ------------------------------------------------------------
revno: 98
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Thu 2008-09-04 10:00:11 -0400
message:
  Webkit dates
- ------------------------------------------------------------
revno: 97
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Thu 2008-09-04 09:48:45 -0400
message:
  Webkit accomodation
- ------------------------------------------------------------
revno: 96 [merge]
committer: Sam Ruby <rubys at intertwingly.net>
branch nick: venus
timestamp: Mon 2008-08-11 08:17:17 -0400
message:
  Add test case 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)

iEYEARECAAYFAkrKec8ACgkQL4k+fGKG+22jqwCfbL9LNDDTNo46Kr6DSMtkn1DP
PdkAnAoJ2zinim4KIR+p1j8MVoMB+3Gi
=pTUM
-----END PGP SIGNATURE-----

** Affects: planet-venus (Ubuntu)
     Importance: Wishlist
         Status: New

-- 
[FFe] Sync planet-venus 0~bzr116-1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/444111
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.

More information about the Ubuntu-universe-sponsors mailing list