DebianDEBIAN:DLA-339-1:1CD40[SECURITY] [DLA 339-1] libhtml-scrubber-perl security update
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.9%
Package : libhtml-scrubber-perl
Version : 0.08-4+deb6u1
CVE ID : CVE-2015-5667
Debian bug : 803943
HTML::Scrubber is vulnerable to a cross-site scripting (XSS) vulnerability
when the comment feature is enabled. It allows remote attackers to inject
arbitrary web script or HTML via a crafted comment.
For Debian 6 squeeze, this has been fixed in libhtml-scrubber-perl version
0.08-4+deb6u1.
Cheers,
RaphaΓ«l Hertzog β Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: PGP signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | all | libhtml-scrubber-perl | <Β 0.11-1+deb8u1 | libhtml-scrubber-perl_0.11-1+deb8u1_all.deb |
| Debian | 6 | all | libhtml-scrubber-perl | <Β 0.08-4+deb6u1 | libhtml-scrubber-perl_0.08-4+deb6u1_all.deb |
| Debian | 7 | all | libhtml-scrubber-perl | <Β 0.09-1+deb7u1 | libhtml-scrubber-perl_0.09-1+deb7u1_all.deb |
Related
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.9%