List: oss-security
Subject: [oss-security] CVE-2009-3627 assignment notification - HTML-Parser-3.63
From: Jan Lieskovsky <jlieskov () redhat ! com>
Date: 2009-10-23 18:59:44
Message-ID: 4AE1FD20.6070802 () redhat ! com
Hello Steve, vendors,
Mark Martinec reported a denial of service flaw (infinite loop),
present in HTML-Parser in versions prior to 3.63, while parsing
an HTML entity with an invalid UTF-8 character.
References:
-----------
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.63.tar.gz
Upstream patch:
---------------
http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c
Affected versions:
------------------
The issue was confirmed in version 3.55 of the Perl HTML-Parser module.
CVE identifier:
---------------
CVE identifier of CVE-2009-3627 has already been assigned to this issue.
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team