Bug#929228: security-tracker: MITRE descriptions containing non-ascii characters might cause issues on accessing CVE page
Package: security-tracker
Severity: normal
Found this while checking for other issues, but not time to further
properly investigate, but did now want to loose that initial tracking.
When a CVE description from MITRE contains non-ascii/non-valid
characters like
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2019-0976
> A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac
> that could allow an authenticated attacker to modify contents of the
> intermediate build folder (by default “objâ€Â),
> aka 'NuGet Package Manager Tampering Vulnerability'.
this causes issue accessing the respective CVE page once the
description has been merged:
https://security-tracker.debian.org/tracker/CVE-2019-0976
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 596, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 652, in __init__
self.handle()
File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
self.handle_one_request()
File "/usr/lib/python2.7/BaseHTTPServer.py", line 328, in handle_one_request
method()
File "../lib/python/web_support.py", line 805, in do_GET
result = r.flatten_later()
File "../lib/python/web_support.py", line 662, in flatten_later
self.contents.flatten(buf.write)
File "../lib/python/web_support.py", line 334, in flatten
x.flatten(write)
File "../lib/python/web_support.py", line 334, in flatten
x.flatten(write)
File "../lib/python/web_support.py", line 286, in flatten
x.flatten(write)
File "../lib/python/web_support.py", line 334, in flatten
x.flatten(write)
File "../lib/python/web_support.py", line 334, in flatten
x.flatten(write)
File "../lib/python/web_support.py", line 332, in flatten
write(escapeHTML(x))
File "../lib/python/web_support.py", line 242, in escapeHTML
append(charToHTML[ord(ch)])
IndexError: list index out of range
Regards,
Salvatore
Reply to: