Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:libhtml-gumbo-perl
User: [email protected]
Usertags: pu

[ Reason ]
libhtml-gumbo-perl has a security issue in the version in bookworm. We don't feel that warrants a DSA, but would like to see it updated in bookworm before the final point release.

Bug report for the security issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104789
CVE-2025-15646

[ Impact ]
Users of this package will be exposed to this security issue.

[ Tests ]
The package has built-in test cases, these all pass. The patch has been accepted upstream.

[ Risks ]
There is minimal risk.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The change adds handling for the template HTML element.

[ Other info ]
I've been discussing this with Salvatore Bonaccorso.

diff -Nru libhtml-gumbo-perl-0.18/debian/changelog libhtml-gumbo-perl-0.18/debian/changelog --- libhtml-gumbo-perl-0.18/debian/changelog 2022-08-01 03:45:00.000000000 +1200 +++ libhtml-gumbo-perl-0.18/debian/changelog 2026-06-28 15:19:13.000000000 +1200 @@ -1,3 +1,12 @@ +libhtml-gumbo-perl (0.18-3+deb12u1) bookworm; urgency=medium + + * Team upload. + * [CVE-2025-15646] Add patch to fix wrong code path with GUMBO_NODE_TEMPLATE. + Thanks to Vincent Lefevre for the bug report and Niko Tyni for the patch. + (Closes: #1104789) + + -- Andrew Ruthven <[email protected]> Sun, 28 Jun 2026 15:19:13 +1200 + libhtml-gumbo-perl (0.18-3) unstable; urgency=medium [ gregor herrmann ] diff -Nru libhtml-gumbo-perl-0.18/debian/patches/0001-Fix-wrong-code-path-with-GUMBO_NODE_TEMPLATE.patch libhtml-gumbo-perl-0.18/debian/patches/0001-Fix-wrong-code-path-with-GUMBO_NODE_TEMPLATE.patch --- libhtml-gumbo-perl-0.18/debian/patches/0001-Fix-wrong-code-path-with-GUMBO_NODE_TEMPLATE.patch 1970-01-01 12:00:00.000000000 +1200 +++ libhtml-gumbo-perl-0.18/debian/patches/0001-Fix-wrong-code-path-with-GUMBO_NODE_TEMPLATE.patch 2026-06-28 15:19:05.000000000 +1200 
@@ -0,0 +1,47 @@ +From 549609cd80784012c274c11731e6a31787d3555e Mon Sep 17 00:00:00 2001 +From: Niko Tyni <[email protected]> +Date: Sat, 17 May 2025 09:32:06 +0100 +Subject: [PATCH] Fix wrong code path with GUMBO_NODE_TEMPLATE + +GUMBO_NODE_TEMPLATE was introduced in Gumbo 0.10.0 but HTML-Gumbo has +not been updated to support that. + +This makes walk_tree() take the text node branch for templates +and access uninitialized memory. + +The gumbo C library seems to treat GUMBO_NODE_TEMPLATE very +similarly to GUMBO_NODE_ELEMENT. From + + https://sources.debian.org/src/gumbo-parser/0.13.0%2Bdfsg-2/src/gumbo.h/#L304 + + /** Template node. This is separate from GUMBO_NODE_ELEMENT because many + * client libraries will want to ignore the contents of template nodes, as + * the spec suggests. Recursing on GUMBO_NODE_ELEMENT will do the right thing + * here, while clients that want to include template contents should also + * check for GUMBO_NODE_TEMPLATE. v will be a GumboElement. */ + +So we add it to the list "special" container types in walk_tree() +that attach a GumboElement value rather than a GumboText. 
+ +Bug-Debian: https://bugs.debian.org/1104789 +Bug: https://github.com/ruz/HTML-Gumbo/issues/6 +--- + lib/HTML/Gumbo.xs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/HTML/Gumbo.xs b/lib/HTML/Gumbo.xs +index 97dfc43..32427d7 100644 +--- a/lib/HTML/Gumbo.xs ++++ b/lib/HTML/Gumbo.xs +@@ -38,7 +38,7 @@ typedef enum { + STATIC + void + walk_tree(pTHX_ GumboNode* node, int flags, void (*cb)(pTHX_ PerlHtmlGumboType, GumboNode*, void*), void* ctx ) { +- if ( node->type == GUMBO_NODE_DOCUMENT || node->type == GUMBO_NODE_ELEMENT ) { ++ if ( node->type == GUMBO_NODE_DOCUMENT || node->type == GUMBO_NODE_ELEMENT || node->type == GUMBO_NODE_TEMPLATE) { + GumboVector* children; + int skip = flags&PHG_FLAG_SKIP_ROOT_ELEMENT && node->type == GUMBO_NODE_ELEMENT && node->parent && node->parent->type == GUMBO_NODE_DOCUMENT; + if ( !skip ) { +-- +2.49.0 + diff -Nru libhtml-gumbo-perl-0.18/debian/patches/series libhtml-gumbo-perl-0.18/debian/patches/series --- libhtml-gumbo-perl-0.18/debian/patches/series 2022-08-01 03:45:00.000000000 +1200 +++ libhtml-gumbo-perl-0.18/debian/patches/series 2026-06-28 15:19:05.000000000 +1200 @@ -1,2 +1,3 @@ no-alien-libgumbo.patch tree_to_callback-don-t-check-document-nodes-for-void.patch +0001-Fix-wrong-code-path-with-GUMBO_NODE_TEMPLATE.patch
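
Review bot: The header of 0001-Fix-wrong-code-path-with-GUMBO_NODE_TEMPLATE.patch carries Bug-Debian and Bug fields but no Origin or Applied-Upstream field, although the request text says the patch has been accepted upstream. Adding an Applied-Upstream line (pointing at the upstream commit or release that contains the fix) to the DEP-3 header would let a later maintainer see from the patch alone that it can be dropped on the next upstream import, without having to follow the GitHub issue link.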
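
Review bot: The walk_tree() change in lib/HTML/Gumbo.xs ships without a regression test: the diffstat lists only Gumbo.xs with 1 insertion and 1 deletion, so nothing in the test suite feeds a <template> element through the parser, and the "[ Tests ]" statement that the built-in tests pass does not cover the fixed path. A small test that parses input containing <template> would guard against the uninitialized read coming back. Separately, the condition is still a list of container types with every other node type falling through to the text branch, as the commit message describes for templates before the fix; a switch on node->type that names the text-like types explicitly and croaks in its default case would fail closed if the gumbo library adds another node type. Since the quoted gumbo.h comment notes that many clients will want to ignore template contents, the module documentation should also state that template nodes are now handled like elements.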

