| Bug ID | 1014108 |
|---|---|
| Summary | VUL-0: html5lib: quote attributes that need escaping in legacy browsers |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Reference: http://seclists.org/oss-sec/2016/q4/611 ==================================================== Hi As found in https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068/fix html5lib fixed a cross-site scripting vulnerability in upstream version 0.99999999 with commit https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7 References: https://github.com/html5lib/html5lib-python/issues/11 https://github.com/html5lib/html5lib-python/issues/12 Question about the CVE assignment for html5lib was raised as well in https://github.com/mozilla/bleach/issues/229 Could you please assign a CVE to identify this issue? Regards, Salvatore ==================================================== https://software.opensuse.org/search?utf8=%E2%9C%93&q=html5lib&search_devel=false&search_unsupported=false&baseproject=openSUSE%3ALeap%3A42.2