Package : tidy Version : 20091223cvs-1+deb6u1 CVE ID : CVE-2015-5522 CVE-2015-5523 Debian Bug : 792571 Fernando Muñoz discovered a security issue on the HTML syntax checker and reformatter tidy. Tidy did not properly process specific character sequences, and a remote attacker could exploit this flaw to cause a DoS, or probably, execute arbitrary code. Two different CVEs were assigned to this issue. CVE-2015-5522 Malformed html documents could lead to a heap-buffer-overflow. CVE-2015-5523 Malformed html documents could lead to allocate 4Gb of memory. For the Squeeze distribution, this issue has been fixed in the 20091223cvs-1+deb6u1 version of tidy. We recommend that you upgrade your tidy packages.
Description: Digital signature