Your message dated Wed, 22 Jul 2015 15:39:31 +0000
with message-id <[email protected]>
and subject line Bug#792571: fixed in tidy 20091223cvs-1.5
has caused the Debian Bug report #792571,
regarding tidy: CVE-2015-5522 and CVE-2015-5523
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
792571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792571
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tidy
Version: 20091223cvs-1.2
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for tidy.
CVE-2015-5522[0]:
AddressSanitizer: heap-buffer-overflow WRITE of size 1
CVE-2015-5523[1]:
small file can lead to a 4 Gb allocation; potential DoS
A patch is provided by the tidy-html5 fork at [2].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5522
[1] https://security-tracker.debian.org/tracker/CVE-2015-5523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523
[2] https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d
Cheers
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: tidy
Source-Version: 20091223cvs-1.5
We believe that the bug you reported is fixed in the latest version of
tidy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated tidy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 20 Jul 2015 16:33:00 +0200
Source: tidy
Binary: tidy libtidy-0.99-0 libtidy-dev tidy-doc
Architecture: source amd64 all
Version: 20091223cvs-1.5
Distribution: unstable
Urgency: high
Maintainer: Jason Thomas <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
libtidy-0.99-0 - HTML syntax checker and reformatter - library
libtidy-dev - HTML syntax checker and reformatter - development
tidy - HTML syntax checker and reformatter
tidy-doc - HTML syntax checker and reformatter - documentation
Closes: 792571
Changes:
tidy (20091223cvs-1.5) unstable; urgency=high
.
[ Alessandro Ghedini ]
* Fix heap buffer overflow and memory saturation on invalid HTML input
as per CVE-2015-5522 and CVE-2015-5523 (Closes: #792571)
Checksums-Sha1:
c5d21d17b2849fee5f44867a710f4c3e92058302 1885 tidy_20091223cvs-1.5.dsc
6577a19ed4e6a114c3631d2571def70030874976 8992 tidy_20091223cvs-1.5.diff.gz
0a76b3aaa1d1c6708a40f4fe5328cd49b7663a45 88796 tidy-doc_20091223cvs-1.5_all.deb
Checksums-Sha256:
14074e526faf120e4d7dfb5cc3896126f49023ac8298167fcb3ce5f8cedc3043 1885 tidy_20091223cvs-1.5.dsc
38d20f89180843304cce8cc51d78f656488bbf58bbb717804ac387bcc12978a7 8992 tidy_20091223cvs-1.5.diff.gz
71596f9c4442d5c3ff43fc9ffc16fbf7c411106e7165b85f929be7fe0f2bcaeb 88796 tidy-doc_20091223cvs-1.5_all.deb
Files:
96b9058dfb92e308d5e9448d59394c53 1885 web optional tidy_20091223cvs-1.5.dsc
dfb580037a34aa48f2aa49bf407edaba 8992 web optional tidy_20091223cvs-1.5.diff.gz
2a989f6410a0fd3d8395bc1a5b39339b 88796 doc optional tidy-doc_20091223cvs-1.5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

=0Tte
-----END PGP SIGNATURE-----
--- End Message ---
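The .changes stanza in the close mail lists SHA-256 digests and sizes for the uploaded files, and the bug report asked that the CVE ids be named in the changelog entry. The following is an added example and is not part of the Debian BTS mail or of the tidy package: a Python script that parses a constructed copy of the Checksums-Sha256 and Changes stanzas taken from the mail above, pulls the CVE ids out of the changelog text, and checks that files in a directory match the listed digest and size. The stanza parser, the helper names and the temporary-directory self-check with a made-up file are assumptions for illustration; the digests and file names inside CHANGES_TEXT are copied from the mail.

```python
"""Verify a Debian .changes checksum stanza and its CVE references.

Added example, not the Debian archive tooling and not tidy's own code.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed from the close mail above: only the fields this script needs
# (Source, Version, Closes, Changes, Checksums-Sha256); the rest is omitted.
CHANGES_TEXT = """\
Source: tidy
Version: 20091223cvs-1.5
Closes: 792571
Changes:
 tidy (20091223cvs-1.5) unstable; urgency=high
 .
   [ Alessandro Ghedini ]
   * Fix heap buffer overflow and memory saturation on invalid HTML input
     as per CVE-2015-5522 and CVE-2015-5523 (Closes: #792571)
Checksums-Sha256:
 14074e526faf120e4d7dfb5cc3896126f49023ac8298167fcb3ce5f8cedc3043 1885 tidy_20091223cvs-1.5.dsc
 38d20f89180843304cce8cc51d78f656488bbf58bbb717804ac387bcc12978a7 8992 tidy_20091223cvs-1.5.diff.gz
 71596f9c4442d5c3ff43fc9ffc16fbf7c411106e7165b85f929be7fe0f2bcaeb 88796 tidy-doc_20091223cvs-1.5_all.deb
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SHA256_HEX_RE = re.compile(r"[0-9a-f]{64}")


def parse_stanzas(text):
    """Split RFC 822-style 'Field: value' lines; indented lines continue the last field."""
    fields = {}
    key = None
    for line in text.splitlines():
        if line[:1].isspace():
            if key is None:
                raise ValueError(f"continuation line before any field: {line!r}")
            fields[key].append(line.strip())
        else:
            key, _, value = line.partition(":")
            fields[key] = [value.strip()] if value.strip() else []
    return fields


def parse_checksums(fields, field="Checksums-Sha256"):
    """Return {filename: (hexdigest, size)}; malformed lines raise instead of being skipped."""
    out = {}
    for entry in fields.get(field, []):
        parts = entry.split()
        if len(parts) != 3:
            raise ValueError(f"malformed {field} line: {entry!r}")
        digest, size, name = parts
        if not SHA256_HEX_RE.fullmatch(digest):
            raise ValueError(f"bad sha256 digest for {name}: {digest!r}")
        # A file name with a path separator could escape the download directory.
        if "/" in name or name in (".", ".."):
            raise ValueError(f"refusing suspicious file name: {name!r}")
        out[name] = (digest, int(size))
    return out


def cve_ids(fields):
    """CVE ids named in the Changes stanza, as the bug reporter asked for."""
    return sorted(set(CVE_RE.findall(" ".join(fields.get("Changes", [])))))


def verify_files(checksums, directory):
    """Hash every listed file under directory; return a list of problems (empty means all match)."""
    problems = []
    for name, (digest, size) in checksums.items():
        path = Path(directory) / name
        if not path.is_file():
            problems.append(f"{name}: missing")
            continue
        data = path.read_bytes()
        if len(data) != size:
            problems.append(f"{name}: size {len(data)} != {size}")
        if hashlib.sha256(data).hexdigest() != digest:
            problems.append(f"{name}: sha256 mismatch")
    return problems


def demo_verify():
    """Self-check on a made-up file (assumed name x.dsc): returns (problems_ok, problems_bad)."""
    with tempfile.TemporaryDirectory() as d:
        data = b"constructed file content, not a real .dsc\n"
        (Path(d) / "x.dsc").write_bytes(data)
        good = {"x.dsc": (hashlib.sha256(data).hexdigest(), len(data))}
        bad = {"x.dsc": ("0" * 64, len(data)), "missing.deb": ("0" * 64, 1)}
        return verify_files(good, d), verify_files(bad, d)


if __name__ == "__main__":
    fields = parse_stanzas(CHANGES_TEXT)
    print("CVE ids in changelog:", cve_ids(fields))
    print("Closes:", fields["Closes"])
    # Point this at a directory holding the downloaded tidy_20091223cvs-1.5 files.
    print("problems:", verify_files(parse_checksums(fields), "."))
    print("self-check:", demo_verify())
```

The digests are only as trustworthy as the PGP signature over the .changes file, so verify that signature against the Debian keyring (for example with `gpg --verify`) before treating a clean `verify_files` result as evidence that the files are the ones the uploader signed.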