jsoup: CVE-2015-6748: XSS vulnerability in jsoup related to incomplete tags at EOF

Related Vulnerabilities: CVE-2015-6748  

Debian Bug report logs - #797275
jsoup: CVE-2015-6748: XSS vulnerability in jsoup related to incomplete tags at EOF

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 29 Aug 2015 05:30:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version jsoup/1.6.2-1

Fixed in version jsoup/1.8.3-1

Done: Emmanuel Bourg <ebourg@apache.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#797275; Package src:jsoup. (Sat, 29 Aug 2015 05:30:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Sat, 29 Aug 2015 05:30:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: jsoup: CVE-2015-6748: XSS vulnerability in jsoup related to incomplete tags at EOF
Date: Sat, 29 Aug 2015 07:27:54 +0200
Source: jsoup
Version: 1.6.2-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for jsoup.

CVE-2015-6748[0]:
XSS vulnerability in jsoup related to incomplete tags at EOF

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-6748
[1] http://www.openwall.com/lists/oss-security/2015/08/28/3

Regards,
Salvatore



Reply sent to Emmanuel Bourg <ebourg@apache.org>:
You have taken responsibility. (Sat, 29 Aug 2015 22:27:10 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 29 Aug 2015 22:27:10 GMT)


Message #10 received at 797275-close@bugs.debian.org:

From: Emmanuel Bourg <ebourg@apache.org>
To: 797275-close@bugs.debian.org
Subject: Bug#797275: fixed in jsoup 1.8.3-1
Date: Sat, 29 Aug 2015 22:23:04 +0000
Source: jsoup
Source-Version: 1.8.3-1

We believe that the bug you reported is fixed in the latest version of
jsoup, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 797275@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebourg@apache.org> (supplier of updated jsoup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 29 Aug 2015 22:40:04 +0200
Source: jsoup
Binary: libjsoup-java libjsoup-java-doc
Architecture: source all
Version: 1.8.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
 libjsoup-java - Java HTML parser that makes sense of real-world HTML soup
 libjsoup-java-doc - Documentation for jsoup HTML Parser
Closes: 797275
Changes:
 jsoup (1.8.3-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #797275)
   * Refreshed the patch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 02 Oct 2015 07:39:43 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:01:17 2019; Machine Name: buxtehude
