Your message dated Sun, 19 Jul 2015 19:17:12 +0000
with message-id <[email protected]>
and subject line Bug#792571: fixed in tidy 20091223cvs-1.4+deb8u1
has caused the Debian Bug report #792571,
regarding tidy: CVE-2015-5522 and CVE-2015-5523
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
792571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792571
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tidy
Version: 20091223cvs-1.2
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for tidy.
CVE-2015-5522[0]:
AddressSanitizer: heap-buffer-overflow WRITE of size 1
CVE-2015-5523[1]:
small file can lead to a 4 Gb allocation; potential DoS
A patch is provided by the tidy-html5 fork at [2].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5522
[1] https://security-tracker.debian.org/tracker/CVE-2015-5523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523
[2] https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d
Cheers
--- End Message ---
--- Begin Message ---
Source: tidy
Source-Version: 20091223cvs-1.4+deb8u1
We believe that the bug you reported is fixed in the latest version of
tidy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated tidy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 15 Jul 2015 11:19:09 +0200
Source: tidy
Binary: tidy libtidy-0.99-0 libtidy-dev tidy-doc
Architecture: source all amd64
Version: 20091223cvs-1.4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Jason Thomas <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Description:
libtidy-0.99-0 - HTML syntax checker and reformatter - library
libtidy-dev - HTML syntax checker and reformatter - development
tidy - HTML syntax checker and reformatter
tidy-doc - HTML syntax checker and reformatter - documentation
Closes: 792571
Changes:
tidy (20091223cvs-1.4+deb8u1) jessie-security; urgency=high
.
* Fix heap buffer overflow and memory saturation on invalid HTML input
as per CVE-2015-5522 and CVE-2015-5523 (Closes: #792571)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---