Univention Bugzilla – Bug 39172
tidy: multiple issues (4.0)
Last modified: 2016-10-05 12:39:18 CEST
Fixed in upstream Debian package version 20091223cvs-1.2+deb7u1:
* Denial of service due to a Heap-based buffer overflow by the ParseValue function in lexer.c while parsing a href containing command character (CVE-2015-5522)
* Denial of service due to a large memory allocation by the ParseValue function in lexer.c while parsing specially whitespaced href statements (CVE-2015-5523)
* tidy20091223cvs-1.2+deb7u1 was imported and built to scope errata4.0-3.
* Version patch was updated (4.0-0-0-ucs/20091223cvs-1.2+deb7u1-errata4.0-3/0001-bump-version-for-ucs400.patch).
* YAML (r63405): 2015-09-02-tidy.yaml
Tests: OK
YAML: OK
<http://errata.software-univention.de/ucs/4.0/310.html>