package/python-markdown2: fix CVE-2020-11888
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 11 May 2020 19:22:37 +0000 (21:22 +0200)
committer Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fri, 15 May 2020 20:35:42 +0000 (22:35 +0200)
commit 604fe088060c1c3b348f007459c40f51ed23cb0d
tree c2b539610803f62d0393b0e7f9009d17643a9b7f
parent 2c3dc380a0417915cddab14c925e2892585e76dc
package/python-markdown2: fix CVE-2020-11888

python-markdown2 through 2.3.8 allows XSS because element names are
mishandled unless a \w+ match succeeds. For example, an attack might use
elementname@ or elementname- with an onclick attribute.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/python-markdown2/0001-Fix-for-issue-348-incomplete-tags-with-punctuation-after-as-part-of.patch [new file with mode: 0644]
package/python-markdown2/0002-Better-fix-for-issue-348.patch [new file with mode: 0644]
package/python-markdown2/python-markdown2.mk
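
The failure mode described in the commit message, as an added example that is not code from python-markdown2 or from Buildroot: a hypothetical escaper that neutralises `<` only when a `\w+` name followed by whitespace matches, audited next to one that escapes every angle bracket. The regex, the function names and the sample inputs are constructed for illustration.

```python
import re

# Hypothetical weak pattern (an assumption, not the library's regex):
# it treats a tag name as exactly \w+ followed by whitespace.
WEAK_TAG_RE = re.compile(r"<(/?\w+\s+)")


def escape_weak(text):
    """Escape '<' only where the \\w+-name pattern matches."""
    return WEAK_TAG_RE.sub(r"&lt;\1", text)


def escape_strict(text):
    """Escape every '&', '<' and '>' no matter what follows them."""
    return (text.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;"))


def has_live_markup(text):
    """True if an unescaped '<' that starts a tag-like token remains."""
    return re.search(r"<[/A-Za-z]", text) is not None


# Constructed inputs using the element-name forms named in the commit message.
SAMPLES = [
    "<elementname onclick=x",   # plain \w+ name: the weak pattern matches
    "<elementname@ onclick=x",  # '@' after the name: \w+\s+ cannot match
    "<elementname- onclick=x",  # '-' after the name: \w+\s+ cannot match
]


def audit(escaper):
    """Map each sample to whether live markup survives the escaper."""
    return {s: has_live_markup(escaper(s)) for s in SAMPLES}


if __name__ == "__main__":
    for name, fn in (("weak", escape_weak), ("strict", escape_strict)):
        for sample, live in audit(fn).items():
            print(f"{name:6} {sample!r:28} live markup: {live}")
```

The same `audit` loop can serve as a regression check for any escaper: a result of `True` for a sample means that input reaches the output with its `<` intact.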