Advisories » MGASA-2015-0340

Updated jsoup package fixes security vulnerability

Publication date: 08 Sep 2015
Modification date: 08 Sep 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-6748

Description

Jsoup before 1.8.3 was vulnerable to a possible XSS issue in the validator,
related to how it handled tags without a closing '>' when reaching EOF
(CVE-2015-6748).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16663
• http://openwall.com/lists/oss-security/2015/08/28/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6748

SRPMS

5/core

• jsoup-1.8.3a-1.1.mga5