Package: libhtml-parser-perl
Version: 3.62-1
Severity: grave
Tags: security patch

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was published for libhtml-parser-perl: CVE-2009-3627.

Quoting the commit fixing the bug[1]:

> decode_entities confused by trailing incomplete entity
>
> Mark Martinec reported crashed when running SpamAssassin, given a
> particular HTML junk mail to parse. The problem was caused by
> HTML::Parsers decode_entities function confusing itself when it
> encountered strings with incomplete entities at the end of the string.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

All the versions in the archive seem to be affected, as per the test case provided by upstream.

For further information see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3627
http://security-tracker.debian.org/tracker/CVE-2009-3627

[1] http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net