Bug #8537
Use NONET when check-mirrors parses through Nokogiri
Start date: 2015-01-06
Due date:
% Done: 50%
Description
This is recommended for untrusted documents:
http://www.nokogiri.org/tutorials/parsing_an_html_xml_document.html#parse_options
https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-68334768
Subtasks
History
#1 Updated by sajolida 2015-01-06 14:54:48
- Category changed from 214 to Infrastructure
#2 Updated by intrigeri 2015-01-06 15:38:28
- Affected tool set to check-mirrors
#4 Updated by intrigeri 2015-08-25 01:36:47
- Assignee set to sajolida
- % Done changed from 0 to 50
- QA Check set to Ready for QA
- Feature Branch set to check-mirrors:bugfix/8537-safer-nokogiri-parse-options
I didn’t feel comfortable seeing this security issue without any assignee, so I’ve prepared a branch. Only tested on sid => please test on Jessie, review’n’merge :)
#5 Updated by BitingBird 2015-08-25 13:51:41
- Target version set to Tails_1.6
#6 Updated by sajolida 2015-08-27 08:46:47
- Status changed from Confirmed to Resolved
- Assignee deleted (sajolida)
- QA Check deleted (Ready for QA)
Merged! Thank you so much for the patch. It feels good to know that I’m not alone fighting with this code.