tag 552531 + confirmed
found 552531 3.56-1
found 552531 3.55-1
thanks

Hi Raphael

On Mon, Oct 26, 2009 at 10:53:09PM -0600, Raphael Geissert wrote:
> Package: libhtml-parser-perl
> Version: 3.62-1
> Severity: grave
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was published for
> libhtml-parser-perl: CVE-2009-3627.
>
> Quoting the commit fixing the bug[1]:
> > decode_entities confused by trailing incomplete entity
> >
> > Mark Martinec reported crashed when running SpamAssassin, given a
> > particular HTML junk mail to parse. The problem was caused by
> > HTML::Parsers decode_entities function confusing itself when it
> > encountered strings with incomplete entities at the end of the string.
>
> If you fix the vulnerability please also make sure to include the CVE id in
> your changelog entry. All the versions in the archive seem to be affected, as
> per the test case provided by upstream.
>
> For further information see:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3627
> http://security-tracker.debian.org/tracker/CVE-2009-3627
>
> [1]http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c

There is already a package for unstable which unfortunately was tagged before
this. It is 3.64-1, thus the unstable version does not contain a note on this in
the changelog.

I will also try to prepare fixed versions.

Bests
Salvatore