| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | NEWS | 12 | ||||
| -rw-r--r-- | tmpl/advisory.html | 13 | ||||
| -rw-r--r-- | tmpl/newadvisory.adv | 2 |
4 files changed, 21 insertions, 8 deletions
@@ -1,4 +1,4 @@
-VERSION=0.32
+VERSION=0.34
 PROJECTNAME=mga-advisories
 TARNAME=mgaadvisories
@@ -1,3 +1,15 @@
+Version 0.34
+
+- Escape text when writing HTML (mga#17478)
+- template: change default CVE year to 2026
+
+Version 0.33
+
+- show a hint if an SRPM can't be found in non-core
+- include source=arch in the JSON purl parameter
+- remove a couple of unneeded spaces in vulns.json
+- don't always reset a "modified" value in the status file
+
 Version 0.32
 - loading all advisories is much faster on multicore machines
diff --git a/tmpl/advisory.html b/tmpl/advisory.html
index bdffed9..e3af76b 100644
--- a/tmpl/advisory.html
+++ b/tmpl/advisory.html
@@ -1,9 +1,10 @@
-[% USE date -%]
+[%- USE date -%]
+[%- USE HTML -%]
 [%- SET adv = advdb.advisories.$advisory -%]
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <title>Mageia Advisory: [% advisory %] - [% adv.subject %]</title>
+ <title>Mageia Advisory: [% advisory %] - [% HTML.escape(adv.subject) %]</title>
 [%- INCLUDE head.html -%]
 </head>
 <body>
@@ -12,7 +13,7 @@
 <div class='content'>
 <div class='section'>
- <h2>[% adv.subject %]</h2>
+ <h2>[% HTML.escape(adv.subject) %]</h2>
 Publication date: [% date.format(adv.status.published, format => '%d %b %Y', gmt => 1) %]<br />
 Modification date: [% date.format(adv.status.modified, format => '%d %b %Y', gmt => 1) %]<br />
@@ -40,7 +41,7 @@
 <div class='section'>
 <h2>Description</h2>
 <pre>
- [%- adv.description -%]
+ [%- HTML.escape(adv.description) -%]
 </pre>
 </div>
@@ -48,7 +49,7 @@
 <h2>References</h2>
 <ul>
 [% FOREACH ref IN adv.references -%]
- <li><a href="[% ref %]">[% ref %]</a></li>
+ <li><a href="[% HTML.escape(ref) %]">[% HTML.escape(ref) %]</a></li>
 [% END %]
 [%- IF adv.CVE -%]
 [%- FOREACH cve IN adv.CVE.list -%]
@@ -65,7 +66,7 @@
 <h3>[% rel %]/[% media %]</h3>
 <ul>
 [% FOREACH srpm IN adv.src.$rel.$media -%]
- <li>[% srpm %]</li>
+ <li>[% HTML.escape(srpm) %]</li>
 [% END -%]
 </ul>
 [% END -%]
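Review bot: `[% advisory %]` in the `<title>` is the one interpolation on the new side of this hunk still emitted raw, right next to the subject that is now escaped. It is the key used to look up `advdb.advisories.$advisory`, so it presumably comes from a file name or a command-line argument rather than the advisory body, but treating it the same costs one call: `<title>Mageia Advisory: [% HTML.escape(advisory) %] - [% HTML.escape(adv.subject) %]</title>`. Keep in mind that the HTML plugin's escape replaces only `&`, `<`, `>` and `"`, so it is adequate for element content and double-quoted attributes but not for single-quoted ones; the `class='…'` attributes in this file carry no interpolation today, so that is a caveat for future edits rather than a bug here.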
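Review bot: Escaping `ref` closes the attribute-injection hole but does nothing about the URL scheme: a reference such as `javascript:…` passes through `HTML.escape` untouched, lands in `href` as-is and runs on click. Since the commit now treats advisory content as untrusted, the scheme deserves the same treatment; an allow-list that degrades anything else to plain text would be `[% IF ref.match('^https?://') %]<li><a href="[% HTML.escape(ref) %]">[% HTML.escape(ref) %]</a></li>[% ELSE %]<li>[% HTML.escape(ref) %]</li>[% END %]`. The `FOREACH cve` loop opened on the last line of this hunk renders its items outside the hunk, so check that `cve` is escaped there too, or at least matched against `^CVE-\d{4}-\d+$` before it is placed in a link.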
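Review bot: `[% rel %]` and `[% media %]` in the `<h3>` on the first context line of this hunk are still unescaped, while the `srpm` values two lines below them now are; both come out of the same `adv.src` structure, so if the srpm list is untrusted enough to escape, its keys are too. `<h3>[% HTML.escape(rel) %]/[% HTML.escape(media) %]</h3>` keeps the section consistent with the rest of the commit. The FOREACH loops that bind `rel` and `media` start before this hunk, so I cannot see whether the keys are filtered earlier.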
diff --git a/tmpl/newadvisory.adv b/tmpl/newadvisory.adv
index 5e6aaca..8d66c7b 100644
--- a/tmpl/newadvisory.adv
+++ b/tmpl/newadvisory.adv
@@ -2,7 +2,7 @@ type: [% type %]
 [% IF type == 'security' -%]
 subject: Updated [% name %] packages fix security vulnerability
 CVE:
- - CVE-2025-XXXX
+ - CVE-2026-XXXX
 [% ELSE -%]
 subject: Updated [% name %] packages fix [something]
 [% END -%]
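Review bot: The hard-coded year means this template needs a commit every January, and the 0.34 NEWS entry is exactly that churn. `- CVE-[% date.format(format => '%Y') %]-XXXX` would fill in the current year at generation time, since the Date plugin's format defaults to the current time when no time is given, provided the template loads the plugin (`USE date` is not visible in this hunk, so it would need adding at the top of the file). The `XXXX` placeholder should stay as it is, as it is clearly meant to be replaced by hand.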
