Date: Fri, 23 Oct 2009 20:59:44 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>
Subject: CVE-2009-3627 assignment notification - HTML-Parser-3.63

Hello Steve, vendors,

   Mark Martinec reported a denial of service flaw (infinite loop),
present in HTML-Parser in versions prior to 3.63, while parsing
an HTML entity with an invalid UTF-8 character.

References:
-----------
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.63.tar.gz

Upstream patch:
---------------
http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c

Affected versions:
------------------
The issue was confirmed in version 3.55 of the Perl HTML-Parser module.

CVE identifier:
---------------
The CVE identifier CVE-2009-3627 has already been assigned to this issue.

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
