Package        : tidy
Version        : 20091223cvs-1+deb6u1
CVE ID         : CVE-2015-5522 CVE-2015-5523
Debian Bug     : 792571

Fernando Muñoz discovered a security issue in the HTML syntax checker and
reformatter tidy. Tidy did not properly process specific character sequences,
and a remote attacker could exploit this flaw to cause a DoS or, probably,
execute arbitrary code. Two different CVEs were assigned to this issue.

CVE-2015-5522

    Malformed HTML documents could lead to a heap-buffer-overflow.

CVE-2015-5523

    Malformed HTML documents could lead to the allocation of 4Gb of memory.

For the Squeeze distribution, this issue has been fixed in the
20091223cvs-1+deb6u1 version of tidy.

We recommend that you upgrade your tidy packages.
