UbuntuUpdates.org

Package "libtidy5deb1"

Name: libtidy5deb1

Description:

HTML/XML syntax checker and reformatter - shared library

Latest version: 2:5.6.0-11ubuntu0.20.04.1
Release: focal (20.04)
Level: updates
Repository: main
Head package: tidy-html5
Homepage: https://www.html-tidy.org/

Links


Download "libtidy5deb1"


Other versions of "libtidy5deb1" in Focal

Repository Area Version
base main 2:5.6.0-11
security main 2:5.6.0-11ubuntu0.20.04.1

Changelog

Version: 2:5.6.0-11ubuntu0.20.04.1 2023-11-15 17:08:43 UTC

  tidy-html5 (2:5.6.0-11ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: arbitrary code exec via recursive parsing
    - debian/patches/CVE-2021-33391-pre1.patch: introduce stack functions
      in src/lexer.c, src/lexer.h.
    - debian/patches/CVE-2021-33391.patch: refactor the recursion into a
      loop with a heap-based stack in src/gdoc.c.
    - CVE-2021-33391

 -- Marc Deslauriers <email address hidden> Fri, 10 Nov 2023 10:57:54 +0200

CVE-2021-33391 An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.



About   -   Send Feedback to @ubuntu_updates