-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3296-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 31, 2023 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : libhtml-stripscripts-perl Version : 1.06-1+deb10u1 CVE ID : CVE-2023-24038 Debian Bug : 1029400 HTML::StripScripts, a module for removing scripts from HTML, allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. For Debian 10 buster, this problem has been fixed in version 1.06-1+deb10u1. We recommend that you upgrade your libhtml-stripscripts-perl packages. For the detailed security status of libhtml-stripscripts-perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libhtml-stripscripts-perl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmPYN8oACgkQgj6WdgbD S5b3gA//d34hnkLy9tB4KQyTR+bKFZo7sWZrR/FMHM9bQLoAvxV8tNY85KGFrV8Y rWxjzWPVnUXUo5hdiB15zb9lA/aZ7LA1ceRrRSDPGTTSz+pvRUanE+0AVpioqh4o qYCtpkNiMpoJSRHg4mWhdZ5sR1owGmWB2+eweLl0sOWOklQSQe388Gz8LbWCnjVz MwaMY8VLqtnvknMwG7l2hQ7HRsDmroKkSXRidLd8xz7wu1Kz6WpIuklQFgddCaDV /SsCbUHlvdEK84SwmDRy6qx7MjQjQ1nqZ6JHu1DE8NhRz8dz/YbwAgL1IxHnuLZF bE2LGwE6woC9i+xpqOw82cwhtwTQCDunXcZMVVNpxSgU9can8EbAYjXMrzwsA1PC sFXYa/G2dtgXR5aYjsSOAoXfOxfErvMlP9VnL3jzduit9oD19fGCvmv4DmMR8MfD O+s2nSDX+XWT7xdavDLH+a9Htznsp5dLRtBJCC7YiVhwd7yJtRGbCPe4Omvw+n+B 7OWPqGcQVYPcdCQkd+Q32HRVvsBl3ZirA5HIEioGIlxhRgVHIpASVEAGrYqfvyda YgcW7pmk2p1SG1SJU/B/rhRbOFvMySsniddrQk+CAEXwmSiQNbgQi6GkbZTDbyMs HnhM69baEcDGG+eAY2Trj7bXlaClD3HbYlTTCagtZAWyabYB6Vw= =RyFQ -----END PGP SIGNATURE-----
