Doh! diff attached...

On Sat, Oct 24, 2009 at 03:10:10PM +0100, Cesare Gargano wrote:
> Update to 3.63
>
> "decode_entities confused by trailing incomplete entity
>
> Mark Martinec reported crashed when running SpamAssassin, given a
> particular HTML junk mail to parse. The problem was caused by
> HTML::Parsers decode_entities function confusing itself when it
> encountered strings with incomplete entities at the end of the string."
>
> CVE-2009-3627:
> http://permalink.gmane.org/gmane.comp.security.oss.general/2237
>
> Patch:
> http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c
>
> --
> Cesare

--
Cesare

Index: Makefile =================================================================== RCS file: /cvs/ports/www/p5-HTML-Parser/Makefile,v retrieving revision 1.34 diff -u -p Makefile --- Makefile 3 Oct 2009 09:13:45 -0000 1.34 +++ Makefile 24 Oct 2009 14:02:56 -0000 @@ -3,9 +3,9 @@ SHARED_ONLY= Yes COMMENT= modules to parse and extract information from HTML - + MODULES= cpan -DISTNAME= HTML-Parser-3.62 +DISTNAME= HTML-Parser-3.63 CATEGORIES= www RUN_DEPENDS= :p5-HTML-Tagset->=3:www/p5-HTML-Tagset Index: distinfo =================================================================== RCS file: /cvs/ports/www/p5-HTML-Parser/distinfo,v retrieving revision 1.13 diff -u -p distinfo --- distinfo 3 Oct 2009 09:13:45 -0000 1.13 +++ distinfo 24 Oct 2009 14:02:56 -0000 @@ -1,5 +1,5 @@ -MD5 (HTML-Parser-3.62.tar.gz) = Kq11Nnr1FzUU9WQSK6Aoxw== -RMD160 (HTML-Parser-3.62.tar.gz) = sJrROslOEJqFBLGLrBqVnPAkA4E= -SHA1 (HTML-Parser-3.62.tar.gz) = uNb5jOw5pC4YivJBxwX8L0mzCQ4= -SHA256 (HTML-Parser-3.62.tar.gz) = HUgW4Lh18vhBARgGKl24RCSjxR3nxUDxh2p3wkqG9ko= -SIZE (HTML-Parser-3.62.tar.gz) = 88412 +MD5 (HTML-Parser-3.63.tar.gz) = ZNHVRBHqcficO6sjv9FKvA== +RMD160 (HTML-Parser-3.63.tar.gz) = VIHWHVYMNWY/FmTaCzbbzpDIFgo= +SHA1 (HTML-Parser-3.63.tar.gz) = Ws/eIdNHlpJzWZLBwfjMlTXHGj0= +SHA256 (HTML-Parser-3.63.tar.gz) = unX4JfQxBIY5U1hrLxBU5misGf7Aan9ses9TaFAlthQ= +SIZE (HTML-Parser-3.63.tar.gz) = 88721
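
Review bot: the first -/+ pair in the Makefile hunk, the line between COMMENT and MODULES, appears to change only whitespace and is unrelated to the DISTNAME bump from HTML-Parser-3.62 to HTML-Parser-3.63; either drop it from the diff or mention the cleanup in the commit log. Since the update is being taken for CVE-2009-3627, the commit message should name the CVE so the reason for the bump is recorded with the change.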
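
Review bot: in the distinfo hunk all four digests and SIZE change together, which is expected for a new tarball, but nothing in the patch lets a reader confirm them. Before commit, fetch HTML-Parser-3.63.tar.gz independently from the CPAN master site and check that its SHA256 and its size (88721) match the + lines, rather than relying only on values generated on the submitter's machine.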
