CVEs have been assigned for security issues fixed upstream in python-html5lib: http://www.openwall.com/lists/oss-security/2016/12/08/8 It appears to have been fixed in 1.0b9, and the commit to fix it is linked in the message above. Mageia 5 is also affected.
CC: (none) => shlomif
Whiteboard: (none) => MGA5TOO
Freeze push asked for Cauldron, for Mga5, I'll try, but that's not a major security issue.
python-html5lib-1.0b3-7.1.mga5.noarch
python3-html5lib-1.0b3-7.1.mga5.noarch
From python-html5lib-1.0b3-7.1.mga5.src.rpm
Are in core/updates_testing
Fix potential cross-site scripting vulnerability: quote attributes that need escaping in legacy browsers.
Ref:
http://www.openwall.com/lists/oss-security/2016/12/08/8
https://github.com/html5lib/html5lib-python/issues/11
https://github.com/html5lib/html5lib-python/issues/12
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9909
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9910
For testers: the package has a test section for both python2 and python3 that is run during build:
Ran 21566 tests in 29.301s
Ran 21566 tests in 35.569s
So I guess that a simple update is enough.
CVE: (none) => CVE-2016-9909 and CVE-2016-9910
Assignee: makowski.mageia => qa-bugs
Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5
URL: (none) => https://lwn.net/Vulnerabilities/709146/
MGA5-32 on Acer D620 Xfce
No installation issues - OK
CC: (none) => herman.viaene
Whiteboard: (none) => MGA5-32-OK
Advisory from Comment 2 uploaded.
CC: (none) => lewyssmith
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory
Testing M5 x64
I could find no previous bug for this package; so following the handy advice in Comment 2 (thanks Philippe), I just installed from current repos:
python-html5lib-1.0b3-7.mga5.noarch.rpm
then updated it from Updates Testing to:
python-html5lib-1.0b3-7.1.mga5
No problems => OK!
Validating; advisory already in place.
Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK advisory => MGA5-32-OK advisory MGA5-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0001.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED