Package: php-htmlpurifier Version: 4.4.0+dfsg1-1 Severity: serious Tags: security
Hi, HTMLPurifier 4.6.0, published almost a year ago, “is a major security release, fixing numerous bad quadratic asymptotics in HTML Purifier's core algorithms.” according to upstream changelog. “Additionally, the secure URI munging algorithm has changed to do a proper HMAC.” You may wish to maintain this package inside the PHP PEAR Maintainers team and take advantage of the pkg-php-tools helper. Regards David -- System Information: Debian Release: jessie/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (100, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages php-htmlpurifier depends on: ii php5 5.6.0+dfsg-1 Versions of packages php-htmlpurifier recommends: ii php5-cli 5.6.0+dfsg-1+b1 php-htmlpurifier suggests no packages.
signature.asc
Description: Digital signature