
This queue is for tickets about the XML-RSS CPAN distribution.

Report information
The Basics
Id: 23435
Status: resolved
Priority: 0/
Queue: XML-RSS

People
Owner: Nobody in particular
Requestors: SHLOMIF [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.20
Fixed in: (no value)

Attachments
XML-RSS-date-conversion-2nd-patch-rev1.patch



Subject: Rest of the Date Conversion Patch + Fix for a Markup Injection Vulnerability
This patch applies the rest of the date conversion modifications to the code. Plus, it fixes some Markup injection (or XSS) vulnerabilities that were left in the old code (along with adding tests). The problem was that the _tag_if_valid function did not use _encode to encode its text.

Should we report this vulnerability to a security forum?

Regards,

Shlomi Fish
Subject: XML-RSS-date-conversion-2nd-patch-rev1.patch

Message body is not shown because it is too large.
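
The class of bug the report describes, a tag-emitting helper that writes its text without encoding it, shown beside the corrected form. This is an added example, not code from the ticket, the attached patch or XML::RSS; `encode_text`, `tag_if_defined_raw`, `tag_if_defined_encoded`, `count_start_tags` and the sample value are hypothetical names and constructed data.

```perl
use strict;
use warnings;

# Hypothetical stand-ins for an RSS writer's helpers. These are NOT the
# XML::RSS internals, only the pattern the ticket describes.

# Escape the XML special characters. '&' goes first so the entities
# produced for the other characters are not escaped a second time.
sub encode_text {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# "Before": the value is written verbatim, so markup inside the value
# becomes markup in the generated feed.
sub tag_if_defined_raw {
    my ($tag, $value) = @_;
    return '' unless defined $value;
    return "<$tag>$value</$tag>\n";
}

# "After": the same helper, with the value passed through the encoder.
sub tag_if_defined_encoded {
    my ($tag, $value) = @_;
    return '' unless defined $value;
    return "<$tag>" . encode_text($value) . "</$tag>\n";
}

# Count element start tags in a fragment, to show how many elements a
# consumer of the feed would see.
sub count_start_tags {
    my ($xml) = @_;
    my $n = () = $xml =~ /<[A-Za-z][^>]*>/g;
    return $n;
}

# Constructed sample: a field value that arrives from an untrusted source.
my $untrusted = 'Sale</category><link>http://example.invalid/</link><category>x';

for my $emit (\&tag_if_defined_raw, \&tag_if_defined_encoded) {
    my $out = $emit->('category', $untrusted);
    printf "%d element(s): %s", count_start_tags($out), $out;
}
```

A regression test for this kind of fix can assert that a field value containing `<`, `>` and `&` yields exactly one element in the output.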

From: ABH [...] cpan.org
Applied, thanks (r8314)

