Advisories ยป MGAA-2015-0030

Updated python3 packages fix a bug in HTMLParser

Publication date: 27 Mar 2015
Type: bugfix
Affected Mageia releases : 4

Description

A bug in HTMLParser in Python3 before 3.3.5 causes the parser to not behave
correctly when passed an invalid numeric character entity reference containing
non-numeric data (python#20288).

The unexpected behavior could cause an infinite loop in client code, as was
the case in Django 1.6 and newer. This caused an issue known as CVE-2015-2316,
which was fixed in the Django advisory on March 18th.
                

References

SRPMS

4/core