Update to 3.63 "decode_entities confused by trailing incomplete entity
Mark Martinec reported crashed when running SpamAssassin, given a particular HTML junk mail to parse. The problem was caused by HTML::Parsers decode_entities function confusing itself when it encountered strings with incomplete entities at the end of the string." CVE-2009-3627: http://permalink.gmane.org/gmane.comp.security.oss.general/2237 Patch: http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c -- Cesare
