libhtml-stripscripts-perl 1.06-1ubuntu0.20.04.1 source package in Ubuntu
Changelog
libhtml-stripscripts-perl (1.06-1ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: Regular expression Denial of Service
- debian/patches/CVE-2023-24038.patch: Handler for style attribute
is vulnerable to ReDoS.
- CVE-2023-24038
-- Paulo Flabiano Smorigo <email address hidden> Mon, 15 May 2023 17:06:00 -0300
Upload details
- Uploaded by:
- Paulo Flabiano Smorigo
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- perl
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | universe | perl | |
| Focal | security | universe | perl |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libhtml-stripscripts-perl_1.06.orig.tar.gz | 43.7 KiB | 222bfb7ec1fdfa465e32da3dc4abed2edc7364bbe19e8e3c513c7d585b0109ad |
| libhtml-stripscripts-perl_1.06-1ubuntu0.20.04.1.debian.tar.xz | 3.7 KiB | fef28c61caa340cc0fb220aecc1dc7a2e5c923eb75837f1b858f61f9c2697d0b |
| libhtml-stripscripts-perl_1.06-1ubuntu0.20.04.1.dsc | 2.4 KiB | fb4a2241518ed9f7c0318351958534ecfd305b989dcb33223b2b0d2389a211f4 |
Available diffs
Binary packages built by this source
- libhtml-stripscripts-perl: module for removing scripts from HTML
HTML::StripScripts is a Perl module for neutralizes scripting constructs in
HTML, leaving as much non-scripting markup in place as possible. This allows
web applications to display HTML originating from an untrusted source without
introducing cross-site scripting (XSS) vulnerabilities.
.
The process is based on whitelists of tags, attributes and attribute values.
This approach is the most secure against disguised scripting constructs hidden
in malicious HTML documents.
.
As well as removing scripting constructs, this module ensures that there is a
matching end for each start tag, and that the tags are properly nested.
.
You will probably use HTML::StripScripts::Parser rather than using this module
directly (see libhtml-stripscripts- parser- perl).
