Hi, as discussed with Giuseppe Iuculano on IRC in #debian-it, I updated the debdiff as needed, removing myself again from Uploaders and updating the remaining changelog accordingly.
The current debdiff is attached, for the lenny version (the etch version is still missing). Best regards and thanks for reviewing, Salvatore
diff -u libhtml-parser-perl-3.56/debian/changelog libhtml-parser-perl-3.56/debian/changelog --- libhtml-parser-perl-3.56/debian/changelog +++ libhtml-parser-perl-3.56/debian/changelog @@ -1,3 +1,10 @@ +libhtml-parser-perl (3.56-1+lenny1) stable-security; urgency=high + + * Fix decode_entities which can be confused by trailing incomplete entity + and leading to potential DoS attacks - CVE-2009-3627 (Closes: #552531). + + -- Salvatore Bonaccorso <salvatore.bonacco...@gmail.com> Tue, 27 Oct 2009 21:43:51 +0100 + libhtml-parser-perl (3.56-1) unstable; urgency=low * New upstream release only in patch2: unchanged: --- libhtml-parser-perl-3.56.orig/util.c +++ libhtml-parser-perl-3.56/util.c @@ -95,14 +95,14 @@ ent_start = s; repl = 0; - if (*s == '#') { + if (s < end && *s == '#') { UV num = 0; UV prev = 0; int ok = 0; s++; - if (*s == 'x' || *s == 'X') { + if (s < end && (*s == 'x' || *s == 'X')) { s++; - while (*s) { + while (s < end) { char *tmp = strchr(PL_hexdigit, *s); if (!tmp) break; @@ -118,7 +118,7 @@ } } else { - while (isDIGIT(*s)) { + while (s < end && isDIGIT(*s)) { num = num * 10 + (*s - '0'); if (prev && num < prev) { /* overflow */ @@ -181,7 +181,7 @@ } else { char *ent_name = s; - while (isALNUM(*s)) + while (s < end && isALNUM(*s)) s++; if (ent_name != s && entity2char) { SV** svp; @@ -217,7 +217,7 @@ if (repl) { char *repl_allocated = 0; - if (*s == ';') + if (s < end && *s == ';') s++; t--; /* '&' already copied, undo it */ only in patch2: unchanged: --- libhtml-parser-perl-3.56.orig/t/entities.t +++ libhtml-parser-perl-3.56/t/entities.t @@ -1,6 +1,6 @@ use HTML::Entities qw(decode_entities encode_entities encode_entities_numeric); -use Test::More tests => 12; +use Test::More tests => 13; $a = "Våre norske tegn bør æres"; 
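Review bot: In the hex branch of the first util.c hunk, replacing `while (*s)` with `while (s < end)` lets the scan reach an embedded NUL byte inside the buffer, and `strchr(PL_hexdigit, *s)` returns a pointer to the terminator of PL_hexdigit for `'\0'` rather than NULL, so `if (!tmp) break;` no longer stops the loop the way the old NUL test did. Whether that pointer then produces a bogus digit value depends on how `tmp` is consumed after `break;`, which lies outside the hunk; a cheap guard that restores the old stop condition is `if (!*s || !tmp) break;`. The decimal and entity-name loops in the `isDIGIT` and `isALNUM` hunks are not affected, since those macros reject NUL on their own. The enclosing function starts and ends outside all four hunks.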
@@ -66,6 +66,8 @@ is(decode_entities("'"), "'"); is(encode_entities("'", "'"), "'"); +is(decode_entities("Attention Homeοωnөrs...1ѕt Tімe Eνөг"), + "Attention Home\x{3BF}\x{3C9}n\x{4E9}rs...1\x{455}t T\x{456}\x{43C}e E\x{3BD}\x{4E9}\x{433}"); __END__ # Quoted from rfc1866.txt
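Review bot: As rendered here, the input literal on the added `is(decode_entities("Attention Homeοωnөrs..."), ...)` line already contains the decoded Greek and Cyrillic characters, which looks like the mail archive having decoded `&#...;` references in transit; if the applied patch really carries the literal characters, the assertion compares the input with itself and never exercises the changed entity scanner, so the raw attachment should be checked. The changelog describes the fix as handling a trailing incomplete entity, yet no input in this hunk ends in one; a constructed case such as `is(decode_entities("a&#x"), "a&#x");` (expected value presumably the input unchanged, to be confirmed against the decoder) would pin the CVE-2009-3627 behaviour directly. Whether the test file enables `use utf8` for these literals is not visible in this hunk.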