Advisories ยป MGASA-2018-0066

Updated python-mistune packages fix security vulnerabilities

Publication date: 07 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-15612 , CVE-2017-16876

Description

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such
as in java\nscript:) or a crafted email address, related to the escape
and autolink functions (CVE-2017-15612).

A cross-site-scripting vulnerability was found in python-mistune
(CVE-2017-16876).
                

References

SRPMS

6/core