package/python-markdown2: fix CVE-2020-11888
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 11 May 2020 19:22:37 +0000 (21:22 +0200)
committer Peter Korsgaard <peter@korsgaard.com>
Tue, 12 May 2020 08:00:34 +0000 (10:00 +0200)
commit 544007dcc4fe4561a9775436d3abcde4fb19bbe3
tree 1920aa18940a2f1ba82e55be306ec39c40f815a5
parent 2f3fc105877b506ef7ae0db91e7d4598cbb67704
package/python-markdown2: fix CVE-2020-11888

python-markdown2 through 2.3.8 allows XSS because element names are
mishandled unless a \w+ match succeeds. For example, an attack might use
elementname@ or elementname- with an onclick attribute.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-markdown2/0001-Fix-for-issue-348-incomplete-tags-with-punctuation-after-as-part-of.patch [new file with mode: 0644]
package/python-markdown2/0002-Better-fix-for-issue-348.patch [new file with mode: 0644]
package/python-markdown2/python-markdown2.mk
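
The failure mode named in the commit message, as an added example that is not part of this commit or of python-markdown2's code: a filter that recognises a tag only through a `\w+` name lets `elementname@` and `elementname-` through, while escaping every `<` does not. The regexes, function names and sample strings are assumptions constructed for illustration.

```python
import html
import re

# Simplified model of the flaw class, NOT python-markdown2's source: "<" is
# only treated as a tag when a \w+ name is followed by whitespace or ">".
NAIVE_TAG_RE = re.compile(r"<(/?\w+)(\s[^>]*)?>")

# An HTML tokenizer ends a tag name at whitespace, "/" or ">", so "@" and "-"
# stay inside the name and the attributes after it are still parsed.
RAW_TAG_RE = re.compile(r"<[/!?]?[A-Za-z][^\s/>]*(?:[\s/][^>]*)?>")


def naive_escape(text):
    """Escape only the spans the \\w+-based pattern recognises as tags."""
    return NAIVE_TAG_RE.sub(lambda m: html.escape(m.group(0)), text)


def strict_escape(text):
    """Escape every markup-significant character, whatever follows '<'."""
    return html.escape(text, quote=True)


def raw_tags(rendered):
    """Return tag-like spans that would reach the browser unescaped."""
    return RAW_TAG_RE.findall(rendered)


def audit(sanitize, samples):
    """Map each sample that still yields raw tags to the surviving spans."""
    leaks = {}
    for sample in samples:
        found = raw_tags(sanitize(sample))
        if found:
            leaks[sample] = found
    return leaks


# Constructed inputs using the name shapes from the CVE text; handler() is a placeholder.
SAMPLES = [
    '<b onclick="handler()">text',
    '<elementname@ onclick="handler()">text',
    '<elementname- onclick="handler()">text',
    "1 < 2 and 3 > 2",
]

if __name__ == "__main__":
    for name, fn in (("naive", naive_escape), ("strict", strict_escape)):
        print(name, audit(fn, SAMPLES))
```

The `audit` helper can be pointed at any sanitising callable as a regression check after upgrading past the affected versions.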