AVG-100

Package python-html5lib, python2-html5lib
Status Fixed
Severity Low
Type cross-site scripting
Affected 0.9999999-2
Fixed 0.999999999-1
Current 1.0.1-2 [community]
Ticket None
Created Thu Dec 8 19:31:47 2016
Issue Severity Remote Type Description
CVE-2016-9910 Low Yes Cross-site scripting
A potential cross site scripting vulnerability was found in python- html5lib due to unquoted attributes that need escaping in legacy browsers.
CVE-2016-9909 Low Yes Cross-site scripting
A potential cross site scripting vulnerability was found in python- html5lib due to unquoted attributes that need escaping in legacy browsers.
Date Advisory Package Description
12 Dec 2016 ASA-201612-13 python-html5lib cross-site scripting
12 Dec 2016 ASA-201612-12 python2-html5lib cross-site scripting
References
http://www.openwall.com/lists/oss-security/2016/12/06/5