Bug 39172

Summary: tidy: multiple issues (4.0)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Daniel Tröder <troeder>
Status: CLOSED FIXED QA Contact: Stefan Gohmann <gohmann>
Severity: normal    
Priority: P5 CC: gohmann, walkenhorst
Version: UCS 4.0Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-3-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 39173, 42571    

Description Arvid Requate univentionstaff 2015-08-14 09:04:00 CEST 
Fixed in upstream Debian package version 20091223cvs-1.2+deb7u1:

* Denial of service due to a Heap-based buffer overflow by the ParseValue function in lexer.c while parsing a href containing command character (CVE-2015-5522)

* Denial of service due to a large memory allocation by the ParseValue function in lexer.c while parsing specially whitespaced href statements (CVE-2015-5523)
Comment 1 Daniel Tröder univentionstaff 2015-09-02 13:10:51 CEST 
* tidy20091223cvs-1.2+deb7u1  was imported and build to scope errata4.0-3.
* Version patch was updated (4.0-0-0-ucs/20091223cvs-1.2+deb7u1-errata4.0-3/0001-bump-version-for-ucs400.patch).
* YAML (r63405): 2015-09-02-tidy.yaml
Comment 2 Stefan Gohmann univentionstaff 2015-09-08 13:47:50 CEST 
Tests: OK

YAML: OK
Comment 3 Janek Walkenhorst univentionstaff 2015-09-09 12:52:25 CEST 
<http://errata.software-univention.de/ucs/4.0/310.html>