Bug ID | 1014108 |
---|---|
Summary | VUL-0: html5lib: quote attributes that need escaping in legacy browsers |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.2 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | mikhail.kasimov@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Reference: http://seclists.org/oss-sec/2016/q4/611

====================================================

Hi

As found in https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068/fix html5lib fixed a cross-site scripting vulnerability in upstream version 0.99999999 with commit https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7

References:
https://github.com/html5lib/html5lib-python/issues/11
https://github.com/html5lib/html5lib-python/issues/12

Question about the CVE assignment for html5lib was raised as well in https://github.com/mozilla/bleach/issues/229

Could you please assign a CVE to identify this issue?

Regards,
Salvatore

====================================================

https://software.opensuse.org/search?utf8=%E2%9C%93&q=html5lib&search_devel=false&search_unsupported=false&baseproject=openSUSE%3ALeap%3A42.2