Advisories » MGASA-2018-0066

Updated python-mistune packages fix security vulnerabilities

Publication date: 07 Jan 2018
Modification date: 07 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-15612 , CVE-2017-16876

Description

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such
as in java\nscript:) or a crafted email address, related to the escape
and autolink functions (CVE-2017-15612).

A cross-site-scripting vulnerability was found in python-mistune
(CVE-2017-16876).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22276
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NUR3GMHQBMA3UC4PFMCK6GCLOQC4LQQC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15612
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16876

SRPMS

6/core

• python-mistune-0.7.2-1.1.mga6