Updated python3 packages fix a bug in HTMLParser
Publication date: 27 Mar 2015Modification date: 27 Mar 2015
Type: bugfix
Affected Mageia releases : 4
Description
A bug in HTMLParser in Python3 before 3.3.5 causes the parser to not behave correctly when passed an invalid numeric character entity reference containing non-numeric data (python#20288). The unexpected behavior could cause an infinite loop in client code, as was the case in Django 1.6 and newer. This caused an issue known as CVE-2015-2316, which was fixed in the Django advisory on March 18th.
References
SRPMS
4/core
- python3-3.3.2-13.5.mga4