
Fedora 11: FEDORA-2009-9575 Critical: Planet Insufficient Feed Sanitization

September 15, 2009
Urgent security patch released to validate data inputs from RSS feeds in the Fedora planet feed aggregator software.

Summary

Planet is a flexible feed aggregator, this means that it downloads feeds and aggregates their content together into a single combined feed with the latest news first.

It uses Mark Pilgrim's Ultra-liberal feed parser so can read from RDF, RSS and Atom feeds and Tomas Styblo's template library to output static files in unlimited formats based on a series of templates.

Update Information:

Security update for sanitizing input from RSS feeds.

Change Log

* Fri Sep 11 2009 Seth Vidal - 2.0-10
- javascript sanitize for https://bugzilla.redhat.com/show_bug.cgi?id=522802

* Sun Jul 26 2009 Fedora Release Engineering - 2.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

References


[ 1 ] Bug #522802 - CVE-2009-2937 planet: Insufficient escaping of input feeds https://bugzilla.redhat.com/show_bug.cgi?id=522802

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update planet' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: planet
Product: Fedora 11
Version: 2.0
Release: 10.fc11
URL:
Summary: Flexible RDF/RSS/Atom feed aggregator
