http://bugzilla.opensuse.org/show_bug.cgi?id=1014108

            Bug ID: 1014108
           Summary: VUL-0: html5lib: quote attributes that need escaping in legacy browsers
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.2
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: mikhail.kasimov@gmail.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

Reference: http://seclists.org/oss-sec/2016/q4/611

====================================================
Hi

As found in
https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/pyth...
html5lib fixed a cross-site scripting vulnerability in upstream
version 0.99999999 with commit
https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f...

References:
https://github.com/html5lib/html5lib-python/issues/11
https://github.com/html5lib/html5lib-python/issues/12

Question about the CVE assignment for html5lib was raised as well in
https://github.com/mozilla/bleach/issues/229

Could you please assign a CVE to identify this issue?

Regards,
Salvatore
====================================================

https://software.opensuse.org/search?utf8=%E2%9C%93&q=html5lib&search_devel=false&search_unsupported=false&baseproject=openSUSE%3ALeap%3A42.2

-- 
You are receiving this mail because:
You are on the CC list for the bug.