List:       oss-security
Subject:    [oss-security] CVE-2009-3627 assignment notification - HTML-Parser-3.63
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2009-10-23 18:59:44
Message-ID: 4AE1FD20.6070802 () redhat ! com

Hello Steve, vendors,

   Mark Martinec reported a denial of service flaw (infinite loop),
present in HTML-Parser in versions prior to 3.63, while parsing an
HTML entity with an invalid UTF-8 character.

References:
-----------
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.63.tar.gz

Upstream patch:
---------------
http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c

Affected versions:
------------------
Issue was confirmed in version 3.55 of the perl HTML-Parser module.

CVE identifier:
---------------
The CVE identifier CVE-2009-3627 has already been assigned to this issue.

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
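
The following is an added example, not part of the advisory above and not code from the HTML-Parser project or its upstream fix (the fix is to upgrade to 3.63). It shows two defensive guards a caller of HTML::Parser can apply against this class of bug: normalising input to well-formed UTF-8 before it reaches the parser (malformed sequences are replaced with U+FFFD via Encode's FB_DEFAULT fallback), and bounding the parse with an alarm so that a parser hang cannot stall the calling process. The sample input is constructed; the function names `sanitize_utf8` and `parse_with_timeout` are this example's own.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode FB_DEFAULT);
use HTML::Parser;

binmode STDOUT, ':encoding(UTF-8)';

# Constructed sample input: an entity followed by a lone UTF-8 lead byte (0xC3)
# with no continuation byte, i.e. an invalid UTF-8 sequence.
my $bytes = "<p>caf&eacute; \xC3 done</p>";

# Guard 1: decode to well-formed UTF-8 before parsing. FB_DEFAULT substitutes
# U+FFFD for malformed sequences instead of dying or passing them through.
sub sanitize_utf8 {
    my ($raw) = @_;
    return decode('UTF-8', $raw, FB_DEFAULT);
}

# Guard 2: bound the wall-clock time of the parse. If the parser never returns,
# the alarm handler dies out of the eval and the caller gets a failure instead
# of a hung process. Returns (1, decoded_text) on success, (0, error) otherwise.
sub parse_with_timeout {
    my ($html, $seconds) = @_;
    my @text;
    my $p = HTML::Parser->new(
        api_version => 3,
        # 'dtext' hands the handler entity-decoded text
        text_h => [ sub { push @text, shift }, 'dtext' ],
    );
    my $ok = eval {
        local $SIG{ALRM} = sub { die "parse timeout after ${seconds}s\n" };
        alarm $seconds;
        $p->parse($html);
        $p->eof;
        alarm 0;
        1;
    };
    alarm 0;    # always clear the alarm, even on failure
    return (0, $@) unless $ok;
    return (1, join '', @text);
}

my ($ok, $result) = parse_with_timeout(sanitize_utf8($bytes), 5);
print $ok ? "parsed text: $result\n" : "parse failed: $result";
```

Run with a current HTML::Parser this prints the decoded text with the bad byte shown as U+FFFD; the timeout only triggers if the parser fails to return within the given number of seconds. Note that `alarm` relies on POSIX signal delivery and is not a substitute for upgrading to a fixed version.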