Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Fedora 26 Python-Mistune XSS Update: Severity Level Critical

fedora
Calendar Grey December 27, 2017
Dist Fedora Esm H88
Upgrade to Python-Mistune version 0.8.3 to patch significant XSS vulnerabilities and enhance security. Ensure your application remains protected with the most recent updates.
Update to 0.8.3, fixing CVE-2017-15612 and CVE-2017-16876

Summary

The fastest markdown parser in pure Python, inspired by marked.

Update to 0.8.3, fixing CVE-2017-15612 and CVE-2017-16876

[ 1 ] Bug #1524596 - CVE-2017-16876 python-mistune: Cross-site-scripting [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1524596

[ 2 ] Bug #1505310 - CVE-2017-15612 python-mistune: XSS via an unexpected newline / crafted email address [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1505310

[ 3 ] Bug #1432271 - python-mistune-v0.8.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1432271

su -c 'dnf upgrade python-mistune' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 0.8.3
Release: 1.fc26
Summary: Markdown parser for Python

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.