Sicherheit: Mehrere Probleme in python-feedparser


ID:	FEDORA-2011-4894

Distribution:	Fedora

Plattformen:	Fedora 14

Datum:	Di, 26. April 2011, 10:46

Referenzen:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5065

Originalnachricht
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-4894 2011-04-06 21:48:15 -------------------------------------------------------------------------------- Name : python-feedparser Product : Fedora 14 Version : 5.0.1 Release : 1.fc14 URL : http://feedparser.org/ Summary : Parse RSS and Atom feeds in Python Description : Universal Feed Parser is a Python module for downloading and parsing syndicated feeds. It can handle RSS 0.90, Netscape RSS 0.91, Userland RSS 0.91, RSS 0.92, RSS 0.93, RSS 0.94, RSS 1.0, RSS 2.0, Atom 0.3, Atom 1.0, and CDF feeds. It also parses several popular extension modules, including Dublin Core and Apple's iTunes extensions. -------------------------------------------------------------------------------- Update Information: Current release: 5.0.1 - February 20, 2011 * Fix issue 91 (invalid text in XML declaration causes sanitizer to crash) * Fix issue 254 (sanitization can be bypassed by malformed XML comments) * Fix issue 255 (sanitizer doesn't strip unsafe URI schemes) Previous release: 5.0 - January 25, 2011 * Improved MathML support * Support microformats (rel-tag, rel-enclosure, xfn, hcard) * Support IRIs * Allow safe CSS through sanitization * Allow safe HTML5 through sanitization * Support SVG * Support inline XML entity declarations * Support unescaped quotes and angle brackets in attributes * Support additional date formats * Added the request_headers argument to parse() * Added the response_headers argument to parse() * Support multiple entry, feed, and source authors * Officially make Python 2.4 the earliest supported version * Support Python 3 * Bug fixes, bug fixes, bug fixes -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 5 2011 Luke Macken - 5.0.1-1 - Latest upstream release - Remove feedparser_utf8_decoding.patch - Remove democracynow_feedparser_fix.patch - Run the test suite * Tue Feb 8 2011 Fedora Release Engineering - 4.1-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #684877 - CVE-2009-5065 CVE-2011-1156 CVE-2011-1157 CVE-2011-1158 python-feedparser: multiple flaws corrected in version 5.1 https://bugzilla.redhat.com/show_bug.cgi?id=684877 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update python-feedparser' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce