UbuntuUpdates.org

Package "libtidy-dev"

Name: libtidy-dev

Description:

HTML/XML syntax checker and reformatter - development

Latest version: 2:5.6.0-11ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: main
Head package: tidy-html5
Homepage: https://www.html-tidy.org/

Links


Download "libtidy-dev"


Other versions of "libtidy-dev" in Focal

Repository Area Version
base main 2:5.6.0-11
updates main 2:5.6.0-11ubuntu0.20.04.1

Changelog

Version: 2:5.6.0-11ubuntu0.20.04.1 2023-11-15 16:10:07 UTC

  tidy-html5 (2:5.6.0-11ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: arbitrary code exec via recursive parsing
    - debian/patches/CVE-2021-33391-pre1.patch: introduce stack functions
      in src/lexer.c, src/lexer.h.
    - debian/patches/CVE-2021-33391.patch: refactor the recursion into a
      loop with a heap-based stack in src/gdoc.c.
    - CVE-2021-33391

 -- Marc Deslauriers <email address hidden> Fri, 10 Nov 2023 10:57:54 +0200

CVE-2021-33391 An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.



About   -   Send Feedback to @ubuntu_updates