Skip Menu |

This queue is for tickets about the XML-RSS CPAN distribution.

Report information
The Basics
Id: 23435
Status: resolved
Priority: 0/
Queue: XML-RSS
People
Owner: Nobody in particular
Requestors: SHLOMIF [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 1.20
Fixed in: (no value)

History Show all quoted text
  Fri Nov 17 10:53:04 2006 SHLOMIF [...] cpan.org - Ticket created
Subject: Rest of the Date Conversion Patch + Fix for a Markup Injection Vulnerability
This patch applies the rest of the date conversion modifications to the code. Plus, it fixes some Markup injection (or XSS) vulnerabilities that were left in the old code (along with adding tests). The problem was that the _tag_if_valid function did not use _encode to encode its text. Should we report this vulnerability to a security forum? Regards, Shlomi Fish
Subject: XML-RSS-date-conversion-2nd-patch-rev1.patch

Message body is not shown because it is too large.

  Tue Nov 28 15:07:43 2006 ABH [...] cpan.org - Correspondence added
From: ABH [...] cpan.org
Applied, thanks (r8314)
  Tue Nov 28 15:07:47 2006 The RT System itself - Status changed from 'new' to 'open'
  Tue Nov 28 15:08:19 2006 ABH [...] cpan.org - Status changed from 'open' to 'resolved'