[Secure-testing-team] Bug#617998: python-feedparser: please update feedparser, it hasn't been updated in a _long_ time
david b
db.pub.mail at gmail.com
Sun Mar 13 09:43:51 UTC 2011
Package: python-feedparser
Version: 4.1-14
Severity: grave
Tags: security
Justification: user security hole
Please update the version of python-feedparser found in Debian to something recent.
The following bugs will then be fixed:
1. Issue 195: XSS vulnerability in feedparser http://code.google.com/p/feedparser/issues/detail?id=195&can=1&start=100
2. Issue 255: html sanitizer doesn't strip unsafe uri schemes http://code.google.com/p/feedparser/issues/detail?id=255&can=1&start=200
3. Issue 254: html sanitisation can be bypassed with malformed comments http://code.google.com/p/feedparser/issues/detail?id=254&can=1&start=200
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37.3 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages python-feedparser depends on:
ii python 2.6.6-3+squeeze5 interactive high-level object-orie
ii python-support 1.0.10 automated rebuilding support for P
Versions of packages python-feedparser recommends:
pn python-chardet <none> (no description available)
pn python-libxml2 <none> (no description available)
pn python-utidylib <none> (no description available)
python-feedparser suggests no packages.
-- no debconf information