Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-34078

Published: 6 May 2024

html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2.

Notes

AuthorNote
0xnishit
package is FTBFS for jammy, noble

Priority

Medium

Status

Package Release Status
python-html-sanitizer
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Needed

mantic Does not exist

noble Needed

upstream Needs triage