Bug 17478 - mgaadv does not parse < and > properly
Status: NEW
Alias: None
Product: Infrastructure
Classification: Unclassified
Component: Others
Version: unspecified
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Sysadmin Team
Reported: 2016-01-12 15:24 CET by Rémi Verschelde
Modified: 2016-01-12 15:24 CET
Source RPM: mga-advisories

Description Rémi Verschelde 2016-01-12 15:24:19 CET
As seen in bug 16776 comment 26, mgaadv produced a broken advisory (http://advisories.mageia.org/MGASA-2016-0006.html) when parsing a description with the word "<script>" (http://svnweb.mageia.org/advisories/16776.adv?view=markup).

If < and > are valid in YAML, then we probably need to fix the parser. If they are not valid, we should see if advisory uploaders should escape them (and/or avoid them), and if we can print a warning or an error before validating such updates and pushing their advisory.

Reproducible: 

Steps to Reproduce:
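
One way to implement the warning the report asks for, with the HTML rendering shown both unescaped and escaped. This is an added Python example, not mgaadv's own code; the field names, sample text, page template and function names are assumptions.

```python
import html
import re

# Characters that change meaning when text is placed into HTML element content.
HTML_SPECIAL = re.compile(r"[<>&]")

# Constructed sample: advisory fields as they might look once the YAML is loaded.
# Field names and text are assumptions made for this example.
SAMPLE_ADVISORY = {
    "subject": "Updated example packages fix security vulnerability",
    "description": "Input containing a <script> tag was not sanitised & could be reflected.",
}

# Hypothetical page template; the real advisory template is not shown on this page.
TEMPLATE = "<h1>{subject}</h1>\n<p>{description}</p>"


def lint_fields(advisory):
    """Return (field, offset, char) for every HTML-special character found."""
    findings = []
    for field, value in advisory.items():
        for match in HTML_SPECIAL.finditer(value):
            findings.append((field, match.start(), match.group()))
    return findings


def render_naive(advisory):
    """Interpolate the text as-is: a browser parses <script> as markup."""
    return TEMPLATE.format(**advisory)


def render_escaped(advisory):
    """Escape every field at output time so the text is displayed literally."""
    safe = {key: html.escape(value, quote=True) for key, value in advisory.items()}
    return TEMPLATE.format(**safe)


if __name__ == "__main__":
    for field, offset, char in lint_fields(SAMPLE_ADVISORY):
        print(f"warning: {field}: {char!r} at offset {offset} must be escaped in HTML output")
    print(render_escaped(SAMPLE_ADVISORY))
```

Escaping at render time keeps the source text unchanged, so uploaders can still write `<` and `>` in a description; the lint only tells them the characters are there.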
