Advisories » MGAA-2015-0030

Updated python3 packages fix a bug in HTMLParser

Publication date: 27 Mar 2015
Modification date: 27 Mar 2015
Type: bugfix
Affected Mageia releases : 4

Description

A bug in HTMLParser in Python3 before 3.3.5 causes the parser to not behave
correctly when passed an invalid numeric character entity reference containing
non-numeric data (python#20288).

The unexpected behavior could cause an infinite loop in client code, as was
the case in Django 1.6 and newer. This caused an issue known as CVE-2015-2316,
which was fixed in the Django advisory on March 18th.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15540
• http://bugs.python.org/issue20288
• https://www.djangoproject.com/weblog/2015/mar/18/security-releases/

SRPMS

4/core

• python3-3.3.2-13.5.mga4