Bug 17478

Summary: mgaadv does not parse < and > properly
Product: Infrastructure
Reporter: Rémi Verschelde <rverschelde>
Component: Others
Assignee: Sysadmin Team <sysadmin-bugs>
Status: NEW ---
QA Contact:
Severity: normal
Priority: Normal
CC: sysadmin-bugs
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: mga-advisories
CVE:
Status comment:

Description Rémi Verschelde 2016-01-12 15:24:19 CET
As seen in bug 16776 comment 26, mgaadv produced a broken advisory (http://advisories.mageia.org/MGASA-2016-0006.html) when parsing a description with the word "<script>" (http://svnweb.mageia.org/advisories/16776.adv?view=markup).

If < and > are valid in YAML, then we probably need to fix the parser. If they are not valid, we should see if advisory uploaders should escape them (and/or avoid them), and if we can print a warning or an error before validating such updates and pushing their advisory.

Reproducible: 

Steps to Reproduce:
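
The failure described in this report, next to output-time escaping and a pre-publish check, as an added example that is not mgaadv's own code. It assumes the description has already been loaded from the .adv file as a plain string; the template, function names, advisory ID placeholder and sample description are all constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical page template; the real mgaadv template is not shown in this report.
TEMPLATE = "<html><body><h1>{id}</h1><pre>{description}</pre></body></html>"
# Constructed sample description containing the word that broke the advisory.
SAMPLE = "Fixes handling of <script> blocks & stray > characters in feeds."
PLACEHOLDER_ID = "MGASA-0000-0000"  # placeholder, not a real advisory


class TagCollector(HTMLParser):
    """Records every start tag and all text an HTML parser sees in a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse(page):
    """Return (start tags, concatenated text) as a browser-like parser reads them."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags, "".join(collector.text)


def render_raw(adv_id, description):
    """Behaviour described in the report: the text is pasted into HTML as-is."""
    return TEMPLATE.format(id=adv_id, description=description)


def render_escaped(adv_id, description):
    """Escape &, < and > at output time; the stored advisory text is unchanged."""
    return TEMPLATE.format(id=html.escape(adv_id),
                           description=html.escape(description))


def lint_description(description):
    """Pre-publish check: list the characters that HTML treats as markup."""
    return sorted({c for c in description if c in "<>&"})


if __name__ == "__main__":
    print("raw tags:    ", parse(render_raw(PLACEHOLDER_ID, SAMPLE))[0])
    print("escaped tags:", parse(render_escaped(PLACEHOLDER_ID, SAMPLE))[0])
    print("lint:        ", lint_description(SAMPLE))
```

Escaping when the page is generated keeps the .adv source readable and makes the lint a warning for uploaders rather than the only line of defence.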