[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 339-1] libhtml-scrubber-perl security update



Package        : libhtml-scrubber-perl
Version        : 0.08-4+deb6u1
CVE ID         : CVE-2015-5667
Debian bug     : 803943

HTML::Scrubber is vulnerable to a cross-site scripting (XSS) vulnerability
when the comment feature is enabled. It allows remote attackers to inject
arbitrary web script or HTML via a crafted comment.

For Debian 6 squeeze, this has been fixed in libhtml-scrubber-perl version
0.08-4+deb6u1.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Attachment: signature.asc
Description: PGP signature


Reply to: