Source: tidy Version: 20091223cvs-1.2 Severity: important Tags: security upstream patch
Hi, the following vulnerabilities were published for tidy. CVE-2015-5522[0]: AddressSanitizer: heap-buffer-overflow WRITE of size 1 CVE-2015-5523[1]: small file can lead to a 4 Gb allocation; potential DoS A patch is provided by the tidy-html5 fork at [2]. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5522 [1] https://security-tracker.debian.org/tracker/CVE-2015-5523 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523 [2] https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d Cheers
signature.asc
Description: Digital signature
