Summary: | www/py-bleach: Update to 3.1.5, Fix security issue
---|---
Product: | Ports & Packages
Component: | Individual Port(s)
Reporter: | Danilo G. Baio <dbaio>
Assignee: | Danilo G. Baio <dbaio>
Status: | Closed FIXED
Severity: | Affects Some People
Priority: | ---
CC: | canardo909, koobs, sega01
Keywords: | security
Version: | Latest
Flags: | koobs: maintainer-feedback+, dbaio: merge-quarterly+
Hardware: | Any
OS: | Any
URL: | https://github.com/mozilla/bleach/blob/v3.1.5/CHANGES
See Also: | https://bugzilla.mozilla.org/show_bug.cgi?id=1623633, https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245972
Description
Danilo G. Baio
A commit references this bug:

Author: dbaio
Date: Sun Apr 26 17:39:28 UTC 2020
New revision: 533080
URL: https://svnweb.freebsd.org/changeset/ports/533080

Log:
security/vuxml: Document www/py-bleach issue

PR: 245943
Security: CVE-2020-6817

Changes:
head/security/vuxml/vuln.xml

Thank you Danilo.

The following changelog entry warrants additional testing (which we as a project should be doing more of regardless):

"""
**Backwards incompatible changes**

* Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.
"""

Since this will additionally be merged to quarterly, could we:

- Evaluate any bleach ports consumers for any *_DEPENDS:<version-spec> issues
- Run a reverse dependents poudriere run
- Run QA (make test) for a bleach dependent port with a test target (test for runtime test failures with this version update)

(In reply to Kubilay Kocak from comment #2)

poudriere reverse test was done.

I'll run make tests in the consumers, good point.

and my email is dbaio@ =)

net-im/py-matrix-synapse

make test: PASSED (skips=1, successes=906)

Do you have any updates on this? Looks like 3.1.5 is out now. Thank you!

Created attachment 214250
py-bleach-3.1.5.patch

make test: 335 passed, 3 xfailed, 1 warnings in 1.09 seconds (3.1.5)

poudriere ok (11, 12, CURRENT; i386, amd64)

Comment on attachment 214250
py-bleach-3.1.5.patch

Approved by: koobs (maintainer)
MFH: 2020Q2 (security, bugfix release(s))

A commit references this bug:

Author: dbaio
Date: Fri May 8 12:14:12 UTC 2020
New revision: 534393
URL: https://svnweb.freebsd.org/changeset/ports/534393

Log:
www/py-bleach: Update to 3.1.5, Fix security issue

Changelog: https://github.com/mozilla/bleach/blob/v3.1.5/CHANGES

PR: 245943
Approved by: koobs (maintainer)
MFH: 2020Q2 (security, bugfix release(s))
Security: 4c52ec3c-86f3-11ea-b5b4-641c67a117d8

Changes:
head/www/py-bleach/Makefile
head/www/py-bleach/distinfo

A commit references this bug:

Author: dbaio
Date: Thu May 14 11:52:06 UTC 2020
New revision: 535227
URL: https://svnweb.freebsd.org/changeset/ports/535227

Log:
MFH: r534393

www/py-bleach: Update to 3.1.5, Fix security issue

Changelog: https://github.com/mozilla/bleach/blob/v3.1.5/CHANGES

PR: 245943
Approved by: koobs (maintainer)
Security: 4c52ec3c-86f3-11ea-b5b4-641c67a117d8

Approved by: ports-secteam (joneum)

Changes:
_U branches/2020Q2/
branches/2020Q2/www/py-bleach/Makefile
branches/2020Q2/www/py-bleach/distinfo