
[SECURITY] [DLA 273-1] tidy security update



Package        : tidy
Version        : 20091223cvs-1+deb6u1
CVE ID         : CVE-2015-5522 CVE-2015-5523
Debian Bug     : 792571

Fernando Muñoz discovered a security issue in the HTML syntax checker and
reformatter tidy. Tidy did not properly process specific character sequences,
and a remote attacker could exploit this flaw to cause a DoS or, probably,
execute arbitrary code. Two different CVEs were assigned to this issue.

CVE-2015-5522

    Malformed HTML documents could lead to a heap buffer overflow.

CVE-2015-5523

    Malformed HTML documents could lead to the allocation of 4Gb of memory.

For the Squeeze distribution, this issue has been fixed in the
20091223cvs-1+deb6u1 version of tidy.

We recommend that you upgrade your tidy packages.
