Stay Secure with the Latest Linux Advisories

security advisoryFedoraphp

Fedora 21: php-htmLawed Security Update for HTML Tag Issues

**1.1.20** - 9 June 2015. Fix for a potential security vulnerability arising from unescaped double-quote character in single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for non-(HTML4) standard 'allowfullscreen' attribute of 'iframe.'. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-10169 2015-06-20 13:33:20 -------------------------------------------------------------------------------- Name : php-htmLawed Product : Fedora 21 Version : 1.1.20 Release : 1.fc21 URL : http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/ Summary : PHP code to purify and filter HTML Description : PHP code to purify and filter HTML * make HTML markup in text secure and standard-compliant * process text for use in HTML, XHTML or XML documents * restrict HTML elements, attributes or URL protocols using black or white-lists * balance tags, check element nesting, transform deprecated attributes and tags, make relative URLs absolute, etc. * fast, highly customizable, well-documented * single, 48 kb file * simple HTML Tidy alternative * free and licensed under LGPL v3 and GPL v2+ * use to filter, secure and sanitize HTML in blog comments or forum posts, generate XML-compatible feed items from web-page excerpts, convert HTML to XHTML, pretty-print HTML, scrape web-pages, reduce spam, remove XSS code, etc. -------------------------------------------------------------------------------- Update Information: **1.1.20** - 9 June 2015. Fix for a potential security vulnerability arising from unescaped double-quote character in single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for non-(HTML4) standard 'allowfullscreen' attribute of 'iframe.' -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2015 Remi Collet - 1.1.20-1 - update to 1.1.20 * Thu Jun18 2015 Fedora Release Engineering - 1.1.19-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Tue Jan 20 2015 Remi Collet - 1.1.19-1 - update to 1.1.19 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php-htmLawed' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Critical patch applied to php-htmLawed in Fedora 21 addressing a vulnerability involving unescaped single quotes in HTML elements.. php htmLawed update,Fedora security,HTML sanitization,tag transformation. . Severity: Important. LinuxSecurity.com Team

Jun 30, 2015 •Important Fedora