Turns out the error is in the CPAN module. The XML::Parser module can
not handle the foreign character (umlot o).
On Thu, 30 Sep 2004 10:24:20 -0400, Khurt Williams
<khurtwilliams@gmail.com> wrote:
There appears to be an error in the RSS feed (
http://www.nessus.org/rss.php). I use the CPAN module XML::RSS to
parse the feed and display on an internal web site. As of yesterday
that module dies with a parsing error. I ran the module in debug mode
and it dies at the 10th item in the list.[DSA541] DSA-541-1
icecast-server. Looking at the XML I see the following: There is a
straing character after the W in Markus's name.
<item rdf:about="http://cgi.nessus.org/plugins/dump.php3?id=15378";>
<title>[DSA541] DSA-541-1 icecast-server</title>
-
<description>
<br />
Markus Wïrle discovered a cross site scripting problem in<br />
status-display (list.cgi) of the icecast internal webserver, an MPEG<br />
layer III streaming server. The UserAgent variable is not properly<br />
html_escaped so that an attacker could cause the client to execute<br />
arbitrary Java script commands.<br />
<br />
For the stable distribution (woody) this problem has been fixed in<br />
version 1.3.11-4.2.<br />
<br />
For the unstable distribution (sid) this problem has been fixed in<br />
version 1.3.12-8.<br />
We recommend that you upgrade your icecast-server package.<br />
<br />
<br />
Solution: <a href="http://www.debian.org/security/2004/dsa-541";
target="_blank">http://www.debian.org/security/2004/dsa-541</a><br />
Risk factor: High
</description>
<link>http://cgi.nessus.org/plugins/dump.php3?id=15378</link>
<dc:date>09/30/2004, 7:23</dc:date>
</item>
--
Sincerely,
Khurt Williams
http://ossnews.blogspot.com
--
Sincerely,
Khurt Williams
http://ossnews.blogspot.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
