Bug #8537: Use NONET when check-mirrors parses through Nokogiri

Bug #8537

Use NONET when check-mirrors parses through Nokogiri

Added by sajolida 2015-01-06 11:32:11 . Updated 2015-08-27 08:46:47 .

Status:

Resolved

Priority:

Elevated

Assignee:

Category:

Infrastructure

Target version:

Tails_1.6

Start date:

2015-01-06

Due date:

% Done:

50%

Feature Branch:

check-mirrors:bugfix/8537-safer-nokogiri-parse-options

Type of work:

Code

Blueprint:

Starter:

Affected tool:

check-mirrors

Deliverable for:

Description

This is recommended for untrusted documents:

http://www.nokogiri.org/tutorials/parsing_an_html_xml_document.html#parse_options

https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-68334768

Subtasks

History

#1 Updated by sajolida 2015-01-06 14:54:48

Category changed from 214 to Infrastructure

#2 Updated by intrigeri 2015-01-06 15:38:28

Affected tool set to check-mirrors

#3 Updated by sajolida 2015-08-10 05:30:38

Assignee deleted (~~sajolida~~)

I’m too busy for that…

#4 Updated by intrigeri 2015-08-25 01:36:47

Assignee set to sajolida
% Done changed from 0 to 50
QA Check set to Ready for QA
Feature Branch set to check-mirrors:bugfix/8537-safer-nokogiri-parse-options

I didn’t feel comfortable seeing this security issue without any assignee, so I’ve prepared a branch. Only tested on sid => please test on Jessie, review’n’merge :)

#5 Updated by BitingBird 2015-08-25 13:51:41

Target version set to Tails_1.6

#6 Updated by sajolida 2015-08-27 08:46:47

Status changed from Confirmed to Resolved
Assignee deleted (~~sajolida~~)
QA Check deleted (~~Ready for QA~~)

Merged! Thank you so much for the patch. It feels good to know that I’m not alone fighting with this code.