MDVSA-2011:082
- Package name: python-feedparser
- Date: 2011-05-02
- Advisory ID: MDVSA-2011:082
- Affected versions: 2010.1 x86_64, 2010.1 i586, 2010.0 x86_64, 2010.0 i586
Problem description
Multiple vulnerabilities have been found and corrected in
python-feedparser:

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal
Feed Parser (aka feedparser or python-feedparser) before 5.0 allows
remote attackers to inject arbitrary web script or HTML via vectors
involving nested CDATA stanzas (CVE-2009-5065).

feedparser.py in Universal Feed Parser (aka feedparser or
python-feedparser) before 5.0.1 allows remote attackers to cause
a denial of service (application crash) via a malformed DOCTYPE
declaration (CVE-2011-1156).

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal
Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1
allows remote attackers to inject arbitrary web script or HTML via
malformed XML comments (CVE-2011-1157).

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal
Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1
allows remote attackers to inject arbitrary web script or HTML
via an unexpected URI scheme, as demonstrated by a javascript: URI
(CVE-2011-1158).

The updated packages have been patched to correct these issues.
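
For applications that render links taken from parsed feeds, the unexpected-URI-scheme issue (CVE-2011-1158) is the kind of flaw a scheme allowlist at output time guards against. The following is an added example, not feedparser's patch or code from this advisory; the allowed scheme set and the names safe_feed_url and render_link are assumptions made for illustration.

```python
import html
import re

# Assumed policy: the only schemes this aggregator will emit in href/src.
ALLOWED_SCHEMES = frozenset({"http", "https", "mailto"})

_SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")
# Browsers discard tab, LF and CR anywhere in a URL before parsing it.
_DROPPED_BY_BROWSERS = dict.fromkeys(map(ord, "\t\n\r"))
_EDGE_CHARS = "".join(map(chr, range(0x21)))  # C0 controls and space


def safe_feed_url(raw):
    """Return raw normalised for output, or "" when it must be dropped."""
    if not isinstance(raw, str):
        return ""
    # Normalise the way a browser would, so the check sees what the browser sees.
    url = raw.strip(_EDGE_CHARS).translate(_DROPPED_BY_BROWSERS)
    if not url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return ""  # empty, or control characters remain: refuse
    match = _SCHEME_RE.match(url)
    if match is None:
        return url  # relative reference: inherits the page's own scheme
    # Absolute URL: allowlist, never a blocklist of known-bad schemes.
    return url if match.group(1).lower() in ALLOWED_SCHEMES else ""


def render_link(raw_href, text):
    """Build an <a> element from untrusted feed data (hypothetical helper)."""
    href = safe_feed_url(raw_href)
    label = html.escape(text, quote=True)
    if not href:
        return "<span>%s</span>" % label  # keep the text, drop the link
    return '<a href="%s" rel="nofollow noopener">%s</a>' % (
        html.escape(href, quote=True), label)


# Constructed sample values, not taken from a real feed.
SAMPLES = [
    "http://example.org/post/1",
    "/archive/2011/05",
    " JavaScript:alert(1)",
    "data:text/html,x",
    "mailto:editor@example.org",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", render_link(sample, "entry"))
```

The check runs on the value as the browser will interpret it, and the result is still attribute-escaped on output, so the two steps do not substitute for each other.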
Updated packages
2010.1 x86_64
e2c9e191284c9dc7e123507c4d87dc3a 2010.1/x86_64/python-feedparser-4.1-8.1mdv2010.2.noarch.rpm
b607fb48d18dd1f36e57eacdd0e58d0c 2010.1/SRPMS/python-feedparser-4.1-8.1mdv2010.2.src.rpm
2010.1 i586
80fff459cd61b9aba23b2be1b9394818 2010.1/i586/python-feedparser-4.1-8.1mdv2010.2.noarch.rpm
b607fb48d18dd1f36e57eacdd0e58d0c 2010.1/SRPMS/python-feedparser-4.1-8.1mdv2010.2.src.rpm
2010.0 x86_64
8c5a3801ca983d2dc0ad7e02623d42f8 2010.0/x86_64/python-feedparser-4.1-7.1mdv2010.0.noarch.rpm
1f6d6105caf4bfd6598f82474f6f206a 2010.0/SRPMS/python-feedparser-4.1-7.1mdv2010.0.src.rpm
2010.0 i586
d082d602b9ee29e10fca9f8fb1b6b9f2 2010.0/i586/python-feedparser-4.1-7.1mdv2010.0.noarch.rpm
1f6d6105caf4bfd6598f82474f6f206a 2010.0/SRPMS/python-feedparser-4.1-7.1mdv2010.0.src.rpm
