| Name | TEMP-0000000-196897 |
| Description | htmlpurifier various |
| Source | Automatically generated temporary name. Not for external reference. |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| php-htmlpurifier (PTS) | jessie | 4.6.0-1 | fixed |
| stretch | 4.7.0-2 | fixed |
| buster | 4.10.0-1 | fixed |
| bullseye, bookworm | 4.11.0-1 | fixed |
| sid, trixie | 4.11.0-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| mahara | source | lenny | 1.0.4-4+lenny10 | | | |
| mahara | source | (unstable) | 1.2.5-1 | | | |
| php-htmlpurifier | source | (unstable) | 4.3.0+dfsg1-1 | unimportant | | |
Notes
http://web.archive.org/web/20120515064303/http://htmlpurifier.org/news/2011/0327-4.3.0-released
htmlpurifier only provides library functions, it's not vulnerable by itself
If apps are vulnerable, this must be addressed there (as done for Mahara)