Your message dated Sun, 19 Jul 2015 19:17:41 +0000
with message-id <[email protected]>
and subject line Bug#792571: fixed in tidy 20091223cvs-1.2+deb7u1
has caused the Debian Bug report #792571,
regarding tidy: CVE-2015-5522 and CVE-2015-5523
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
792571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792571
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tidy
Version: 20091223cvs-1.2
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for tidy.
CVE-2015-5522[0]:
AddressSanitizer: heap-buffer-overflow WRITE of size 1
CVE-2015-5523[1]:
small file can lead to a 4 Gb allocation; potential DoS
A patch is provided by the tidy-html5 fork at [2].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5522
[1] https://security-tracker.debian.org/tracker/CVE-2015-5523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523
[2] https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d
Cheers
--- End Message ---
--- Begin Message ---
Source: tidy
Source-Version: 20091223cvs-1.2+deb7u1
We believe that the bug you reported is fixed in the latest version of
tidy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated tidy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Jul 2015 15:22:34 +0200
Source: tidy
Binary: tidy libtidy-0.99-0 libtidy-dev tidy-doc
Architecture: source all amd64
Version: 20091223cvs-1.2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Jason Thomas <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Description:
libtidy-0.99-0 - HTML syntax checker and reformatter - library
libtidy-dev - HTML syntax checker and reformatter - development
tidy - HTML syntax checker and reformatter
tidy-doc - HTML syntax checker and reformatter - documentation
Closes: 792571
Changes:
tidy (20091223cvs-1.2+deb7u1) wheezy-security; urgency=high
.
* Fix heap buffer overflow and memory saturation on invalid HTML input
as per CVE-2015-5522 and CVE-2015-5523 (Closes: #792571)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---