Package        : tidy
Version        : 20091223cvs-1+deb6u1
CVE ID         : CVE-2015-5522 CVE-2015-5523
Debian Bug     : 792571

Fernando Muñoz discovered a security issue in tidy, the HTML syntax checker and reformatter. Tidy did not properly process specific character sequences, and a remote attacker could exploit this flaw to cause a DoS or, probably, execute arbitrary code. Two different CVEs were assigned to this issue.

CVE-2015-5522

    Malformed HTML documents could lead to a heap-buffer-overflow.

CVE-2015-5523

    Malformed HTML documents could lead to the allocation of 4Gb of memory.

For the Squeeze distribution, this issue has been fixed in version 20091223cvs-1+deb6u1 of tidy.

We recommend that you upgrade your tidy packages.