Test ID:	1.3.6.1.4.1.25623.1.0.69464
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:082 (python-feedparser)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to python-feedparser announced via advisory MDVSA-2011:082. Multiple vulnerabilities has been found and corrected in python-feedparser: Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas (CVE-2009-5065). feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration (CVE-2011-1156). Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments (CVE-2011-1157). Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI (CVE-2011-1158). The updated packages have been patched to correct these issues. Affected: 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:082 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-5065 44074 http://secunia.com/advisories/44074 47177 http://www.securityfocus.com/bid/47177 MDVSA-2011:082 http://www.mandriva.com/security/advisories?name=MDVSA-2011:082 [opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html http://code.google.com/p/feedparser/issues/detail?id=195 http://support.novell.com/security/cve/CVE-2009-5065.html https://bugzilla.novell.com/show_bug.cgi?id=680074 https://bugzilla.redhat.com/show_bug.cgi?id=684877 Common Vulnerability Exposure (CVE) ID: CVE-2011-1156 43730 http://secunia.com/advisories/43730 46867 http://www.securityfocus.com/bid/46867 [oss-security] 20110314 CVE request for python-feedparser http://openwall.com/lists/oss-security/2011/03/14/18 [oss-security] 20110315 Re: CVE request for python-feedparser http://openwall.com/lists/oss-security/2011/03/15/11 http://support.novell.com/security/cve/CVE-2011-1156.html https://code.google.com/p/feedparser/issues/detail?id=91 Common Vulnerability Exposure (CVE) ID: CVE-2011-1157 http://support.novell.com/security/cve/CVE-2011-1157.html https://code.google.com/p/feedparser/issues/detail?id=254 Common Vulnerability Exposure (CVE) ID: CVE-2011-1158 http://support.novell.com/security/cve/CVE-2011-1158.html https://code.google.com/p/feedparser/issues/detail?id=255
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.