Overview
Request 1172259 accepted
- update to 3.1.4 (bsc#1223980, CVE-2024-34064):
* The xmlattr filter does not allow keys with / solidus, >
greater-than sign, or = equals sign, in addition to disallowing
spaces. Regardless of any validation done by Jinja, user input
should never be used as keys to this filter, or must be separately
validated first.
- Created by dirkmueller
- In state accepted
Request History
dirkmueller created request
- update to 3.1.4 (bsc#1223980, CVE-2024-34064):
* The xmlattr filter does not allow keys with / solidus, >
greater-than sign, or = equals sign, in addition to disallowing
spaces. Regardless of any validation done by Jinja, user input
should never be used as keys to this filter, or must be separately
validated first.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
anag+factory set openSUSE:Factory:Staging:D as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:D"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:D"
darix accepted review
Accepted review for by_group opensuse-review-team request 1172259 from user anag+factory
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:D got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:D got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:D got accepted.