Bug#552531: libhtml-parser-perl: decode_entities confused by trailing incomplete entity can lead to DoS attacks
Salvatore Bonaccorso
salvatore.bonaccorso at gmail.com
Tue Oct 27 11:34:56 UTC 2009
tag 552531 + confirmed
found 552531 3.56-1
found 552531 3.55-1
thanks
Hi Raphael
On Mon, Oct 26, 2009 at 10:53:09PM -0600, Raphael Geissert wrote:
> Package: libhtml-parser-perl
> Version: 3.62-1
> Severity: grave
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was published for
> libhtml-parser-perl: CVE-2009-3627.
>
> Quoting the commit fixing the bug[1]:
> > decode_entities confused by trailing incomplete entity
> >
> > Mark Martinec reported crashed when running SpamAssassin, given a
> > particular HTML junk mail to parse. The problem was caused by
> > HTML::Parsers decode_entities function confusing itself when it
> > encountered strings with incomplete entities at the end of the string.
>
> If you fix the vulnerability please also make sure to include the CVE id in
> your changelog entry. All the versions in the archive seem to be affected, as
> per the test case provided by upstream.
>
> For further information see:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3627
> http://security-tracker.debian.org/tracker/CVE-2009-3627
>
> [1]http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c
There is already a package for unstable which unfortunately was taged
before this. It is 3.64-1 thus the unstable version does not contain a
note on this in the changelog.
I will try to prepare also a fixed versions.
Bests
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20091027/c63b90bb/attachment.pgp>
More information about the pkg-perl-maintainers
mailing list