[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3296-1] libhtml-stripscripts-perl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3296-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
January 31, 2023                            https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : libhtml-stripscripts-perl
Version        : 1.06-1+deb10u1
CVE ID         : CVE-2023-24038
Debian Bug     : 1029400

HTML::StripScripts, a module for removing scripts from HTML, allows
_hss_attval_style ReDoS because of catastrophic backtracking for HTML
content with certain style attributes.

For Debian 10 buster, this problem has been fixed in version
1.06-1+deb10u1.

We recommend that you upgrade your libhtml-stripscripts-perl packages.

For the detailed security status of libhtml-stripscripts-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libhtml-stripscripts-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmPYN8oACgkQgj6WdgbD
S5b3gA//d34hnkLy9tB4KQyTR+bKFZo7sWZrR/FMHM9bQLoAvxV8tNY85KGFrV8Y
rWxjzWPVnUXUo5hdiB15zb9lA/aZ7LA1ceRrRSDPGTTSz+pvRUanE+0AVpioqh4o
qYCtpkNiMpoJSRHg4mWhdZ5sR1owGmWB2+eweLl0sOWOklQSQe388Gz8LbWCnjVz
MwaMY8VLqtnvknMwG7l2hQ7HRsDmroKkSXRidLd8xz7wu1Kz6WpIuklQFgddCaDV
/SsCbUHlvdEK84SwmDRy6qx7MjQjQ1nqZ6JHu1DE8NhRz8dz/YbwAgL1IxHnuLZF
bE2LGwE6woC9i+xpqOw82cwhtwTQCDunXcZMVVNpxSgU9can8EbAYjXMrzwsA1PC
sFXYa/G2dtgXR5aYjsSOAoXfOxfErvMlP9VnL3jzduit9oD19fGCvmv4DmMR8MfD
O+s2nSDX+XWT7xdavDLH+a9Htznsp5dLRtBJCC7YiVhwd7yJtRGbCPe4Omvw+n+B
7OWPqGcQVYPcdCQkd+Q32HRVvsBl3ZirA5HIEioGIlxhRgVHIpASVEAGrYqfvyda
YgcW7pmk2p1SG1SJU/B/rhRbOFvMySsniddrQk+CAEXwmSiQNbgQi6GkbZTDbyMs
HnhM69baEcDGG+eAY2Trj7bXlaClD3HbYlTTCagtZAWyabYB6Vw=
=RyFQ
-----END PGP SIGNATURE-----


Reply to: