From ${URL} : A cross-site scripting vulnerability was found in HTML::Scrubber Perl module. If the function "comment" is enabled, an arbitrary script may be executed on the user's web browser. Affects versions 0.14 and earlier. Upstream patch: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
commit 4e1ccb5 (HEAD, master) Author: Patrice Clement <monsieurp@gentoo.org> Date: Thu Nov 5 21:57:00 2015 +0000 dev-perl/HTML-Scrubber: Version bump. Fixes security bug 564688. Package-Manager: portage-2.2.20.1 Signed-off-by: Patrice Clement <monsieurp@gentoo.org> create mode 100644 dev-perl/HTML-Scrubber/HTML-Scrubber-0.150.0.ebuild Arch teams, Please stabilise: =dev-perl/HTML-Scrubber-0.150.0 Target arches: amd64 ppc ppc64 x86 Thank you.
Please stabilise the following dependencies as well: dev-perl/Test-NoTabs dev-perl/Test-EOL dev-perl/Parse-CPAN-Meta dev-perl/Test-CPAN-Meta Same arches and all that jazz. Cheers!
amd64 stable
!!! All ebuilds that could satisfy "dev-perl/Parse-CPAN-Meta" have been masked. !!! One of the following masked packages is required to complete your request: - dev-perl/Parse-CPAN-Meta-1.441.700::gentoo (masked by: package.mask) /world/gentoo/portage/profiles/package.mask: # Patrice Clement <monsieurp@gentoo.org> (07 Nov 2015) # Duplicate package since it already exists as virtual/perl-Parse-CPAN-meta. # Masked for removal in 30 days.
This is why you specify atoms that include a specific version/revision I guess. And the package.mask entry broke the tree.
Stable for PPC64.
I masked dev-perl/Parse-CPAN-Meta and swapped this dependency for virtual/perl-Parse-CPAN-Meta. @ago: if you're seeing a package.mask warning about dev-perl/Parse-CPAN-Meta, ignore it. I didn't know there was a virtual for this package already in Portage. Sorry about the noise.
ppc stable
x86 stable. Maintainer(s), please clean up. Security, please vote.
commit ddffe62 (HEAD, master) Author: Patrice Clement <monsieurp@gentoo.org> Date: Fri Nov 13 09:25:09 2015 +0000 dev-perl/HTML-Scrubber: Remove vulnerable version. Fixes security bug 564688. Package-Manager: portage-2.2.20.1 Signed-off-by: Patrice Clement <monsieurp@gentoo.org> delete mode 100644 dev-perl/HTML-Scrubber/HTML-Scrubber-0.90.0-r1.ebuild
Nothing to do for us anymore.
Arches and Maintainer(s), Thank you for your work. No GLSA's for Cross-Site Scripting (XSS) as per policy. Closing [noglsa].