Bug#959231: security-tracker: Proxy Error on CVE-2020-11565 tracker page
Hi Florian,
On Fri, May 01, 2020 at 02:11:50PM +0200, Florian Weimer wrote:
> * Florian Weimer:
>
> > * Francesco Poli:
> >
> >> Please note that the CVE is mentioned in [DSA-4667-1].
> >>
> >> [DSA-4667-1]: <https://lists.debian.org/debian-security-announce/2020/msg00071.html>
> >>
> >> What's wrong with that tracker page?
> >
> > It's something in the NVD data that breaks the HTML escaping.
>
> This patch adds basic Unicode support to the web framework. I'm not
> sure if it is the right direction to move in, but it fixes the issue.
>
> An alternative fix would be to change the NVD importer not to put
> Unicode strings into the database, by encoding them as byte strings
> first.
Do you want to deploy that or rather investigate an alternative?
Salvatore
Reply to: