Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 23 Oct 2009 20:59:44 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC: oss-security <>
Subject: CVE-2009-3627 assignment notification - HTML-Parser-3.63

Hello Steve, vendors,

   Mark Martinec reported a denial of service flaw ((infinite loop),
present in HTML-Parser in versions prior to 3.63,  while parsing
HTML entity with invalid UTF-8 character.


Upstream patch:

Affected versions:
Issue was confirmed in 3.55 version of perl HTML-Parser module.

CVE identifier:
CVE identifier of CVE-2009-3627 has been already assigned to this issue.

Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ