Debian Bug report logs -
#792571
tidy: CVE-2015-5522 and CVE-2015-5523
Reported by: Alessandro Ghedini <ghedo@debian.org>
Date: Thu, 16 Jul 2015 11:33:01 UTC
Severity: important
Tags: jessie, patch, security, sid, squeeze, stretch, upstream, wheezy
Found in versions tidy/20091223cvs-1.2, tidy/20091223cvs-1
Fixed in versions tidy/20091223cvs-1+deb6u1, tidy/20091223cvs-1.4+deb8u1, tidy/20091223cvs-1.2+deb7u1, tidy/20091223cvs-1.5
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Jason Thomas <jason@debian.org>:
Bug#792571; Package src:tidy.
(Thu, 16 Jul 2015 11:33:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Alessandro Ghedini <ghedo@debian.org>:
New Bug report received and forwarded. Copy sent to Jason Thomas <jason@debian.org>.
(Thu, 16 Jul 2015 11:33:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: tidy
Version: 20091223cvs-1.2
Severity: important
Tags: security upstream patch
Hi,
the following vulnerabilities were published for tidy.
CVE-2015-5522[0]:
AddressSanitizer: heap-buffer-overflow WRITE of size 1
CVE-2015-5523[1]:
small file can lead to a 4 Gb allocation; potential DoS
A patch is provided by the tidy-html5 fork at [2].
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-5522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5522
[1] https://security-tracker.debian.org/tracker/CVE-2015-5523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523
[2] https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d
Cheers
[signature.asc (application/pgp-signature, inline)]
Marked as found in versions tidy/20091223cvs-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sat, 18 Jul 2015 13:42:03 GMT) (full text, mbox, link).
Marked as fixed in versions tidy/20091223cvs-1+deb6u1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sat, 18 Jul 2015 13:42:04 GMT) (full text, mbox, link).
Reply sent
to Alessandro Ghedini <ghedo@debian.org>:
You have taken responsibility.
(Sun, 19 Jul 2015 19:18:34 GMT) (full text, mbox, link).
Notification sent
to Alessandro Ghedini <ghedo@debian.org>:
Bug acknowledged by developer.
(Sun, 19 Jul 2015 19:18:35 GMT) (full text, mbox, link).
Message #14 received at 792571-close@bugs.debian.org (full text, mbox, reply):
Source: tidy
Source-Version: 20091223cvs-1.4+deb8u1
We believe that the bug you reported is fixed in the latest version of
tidy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 792571@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <ghedo@debian.org> (supplier of updated tidy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 15 Jul 2015 11:19:09 +0200
Source: tidy
Binary: tidy libtidy-0.99-0 libtidy-dev tidy-doc
Architecture: source all amd64
Version: 20091223cvs-1.4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Jason Thomas <jason@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
libtidy-0.99-0 - HTML syntax checker and reformatter - library
libtidy-dev - HTML syntax checker and reformatter - development
tidy - HTML syntax checker and reformatter
tidy-doc - HTML syntax checker and reformatter - documentation
Closes: 792571
Changes:
tidy (20091223cvs-1.4+deb8u1) jessie-security; urgency=high
.
* Fix heap buffer overflow and memory saturation on invalid HTML input
as per CVE-2015-5522 and CVE-2015-5523 (Closes: #792571)
Checksums-Sha1:
9636c495071d54462387dfeaff29a9aeba1aa5d5 1913 tidy_20091223cvs-1.4+deb8u1.dsc
76fb4887bc08628e3dd6a26e0ebe48cf2d14fa05 786501 tidy_20091223cvs.orig.tar.gz
f472139d1bb3ebce43fa38968bc16da3f9df89e8 8951 tidy_20091223cvs-1.4+deb8u1.diff.gz
bcbbfa2df05cb8739ddc383c2c3cf7a44007e1bb 88988 tidy-doc_20091223cvs-1.4+deb8u1_all.deb
11eed01005bbe584cd7ed1cc9ebe573eb3f20518 26290 tidy_20091223cvs-1.4+deb8u1_amd64.deb
655466d3cb65a505b75394eb1ca8a87e423b365f 123014 libtidy-0.99-0_20091223cvs-1.4+deb8u1_amd64.deb
21dd3c636055b29d01ac4353c37ae1b1f182ab9b 143186 libtidy-dev_20091223cvs-1.4+deb8u1_amd64.deb
Checksums-Sha256:
c1a0d42b7a92500c4a8d78a204b379588362a5c2343e1223a155c8b17d211f59 1913 tidy_20091223cvs-1.4+deb8u1.dsc
6afa1dea4fe404f823aed60a4bc392db7d89fdd0ae3df0e06601765fbf3a45a4 786501 tidy_20091223cvs.orig.tar.gz
58f3584d6c6dc66459691a28d318d6973b24df06a20d58843778217b75663608 8951 tidy_20091223cvs-1.4+deb8u1.diff.gz
63eb84bcfa2d061cda4cb163124c7fa6e7ed6c95e5188e7a3c5adc09e04a8855 88988 tidy-doc_20091223cvs-1.4+deb8u1_all.deb
7e13626a3ae54c1c2eeb7f2958426f5c5f6808e7ce33f9ed6c4f0e81b3c1d444 26290 tidy_20091223cvs-1.4+deb8u1_amd64.deb
302aeff6efc328c474888f9d812dd20823ed97ac9fd651543b0573ef2ed6f152 123014 libtidy-0.99-0_20091223cvs-1.4+deb8u1_amd64.deb
412fa194b6d7053c074b1e832eb470d37a6b3c88fcd77d1f96e7c8458793c169 143186 libtidy-dev_20091223cvs-1.4+deb8u1_amd64.deb
Files:
3b10b9e3662e82bf9b3e6e39e9095d8a 1913 web optional tidy_20091223cvs-1.4+deb8u1.dsc
c16246191b47153ce83226b7ae2c2975 786501 web optional tidy_20091223cvs.orig.tar.gz
d135ea8582b5ac109256885215f7e53a 8951 web optional tidy_20091223cvs-1.4+deb8u1.diff.gz
30fedb2c04fb1e344fd06bbc254658b1 88988 doc optional tidy-doc_20091223cvs-1.4+deb8u1_all.deb
6326bb7c2d4306ed1bb4945c421c8776 26290 web optional tidy_20091223cvs-1.4+deb8u1_amd64.deb
3b053586094b42bd64e76cc11f436cee 123014 libs optional libtidy-0.99-0_20091223cvs-1.4+deb8u1_amd64.deb
3daf4471aa433ef134109d07669ad2a2 143186 libdevel optional libtidy-dev_20091223cvs-1.4+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVqib7AAoJEK+lG9bN5XPLZ7cP/jWHL2RBayOkBpfVU1VO6J20
mX8NpvEP+hxhLPoREvMph4xsLYb7VKmnGKDDypJQeamfIDzMWHmBOL+ct+83WdDv
ZVyCKSLXErRo2WEwxyYkpXHyU3HDmKEXPnR3sn85CUmLfJBIt7c7MW7RjTd9XHOp
vKm4HnHyUIooC5paj7ZyKU4RzQYZHNgKI0WvqL7QLknDDZiaPSbMSn4SgXcjdj60
tT0j+LKrxlRUienR9PkJoXAv8hHC4uXhuMDi4RiqJHadAuI9Z5fZ17LLu/GgwwVO
ZvH7Q2FflryGlkafHAzddSSsGWV9yBYxLoO/Dr8TCKYlIwa2r6pL+1QuBN7wVv7V
quULC+8hfHFhFl7nYHgzwv8dee6aNrGEB4sJLiLJGudamIUzTURYWlC5VtJrpnED
yaiieDPotQg57TE9Ph5OHUXVZJZyoEMjouULy8P7RBKUIOXmWmYTHh/CTw2QVGly
MzHGsngPpENWfjYg+AXfQXY7Gd/3IXhpCudJyUZ2H5Ofk63BqCG0GZf6XoVxTqha
5oC3hFGTvj6qSSMyiwASIZZ3MOcma4LWtFf2+1c5ZpmTQbRKDLbgsBVwraXc2cTN
v1dTBrd5MEbU/2ON5sOK7BD5F2MmjzgrbMM8goTajc1r2m5ykQ74SJ5QGKtWb4wL
9ZG0BHm2BOOI8KF6Lvef
=d8F+
-----END PGP SIGNATURE-----
Reply sent
to Alessandro Ghedini <ghedo@debian.org>:
You have taken responsibility.
(Sun, 19 Jul 2015 19:18:38 GMT) (full text, mbox, link).
Notification sent
to Alessandro Ghedini <ghedo@debian.org>:
Bug acknowledged by developer.
(Sun, 19 Jul 2015 19:18:38 GMT) (full text, mbox, link).
Message #19 received at 792571-close@bugs.debian.org (full text, mbox, reply):
Source: tidy
Source-Version: 20091223cvs-1.2+deb7u1
We believe that the bug you reported is fixed in the latest version of
tidy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 792571@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessandro Ghedini <ghedo@debian.org> (supplier of updated tidy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Jul 2015 15:22:34 +0200
Source: tidy
Binary: tidy libtidy-0.99-0 libtidy-dev tidy-doc
Architecture: source all amd64
Version: 20091223cvs-1.2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Jason Thomas <jason@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
libtidy-0.99-0 - HTML syntax checker and reformatter - library
libtidy-dev - HTML syntax checker and reformatter - development
tidy - HTML syntax checker and reformatter
tidy-doc - HTML syntax checker and reformatter - documentation
Closes: 792571
Changes:
tidy (20091223cvs-1.2+deb7u1) wheezy-security; urgency=high
.
* Fix heap buffer overflow and memory saturation on invalid HTML input
as per CVE-2015-5522 and CVE-2015-5523 (Closes: #792571)
Checksums-Sha1:
3a81c6557bfcda4f002398d10f099e435788cdb6 1889 tidy_20091223cvs-1.2+deb7u1.dsc
1f378feed766131f26f583da11878fcff3b7c941 8772 tidy_20091223cvs-1.2+deb7u1.diff.gz
9957c3737986c5a8f74ba8941697574c2c806339 101014 tidy-doc_20091223cvs-1.2+deb7u1_all.deb
e6d4a5ac510345d226ddab9f01fc56973dc64169 28370 tidy_20091223cvs-1.2+deb7u1_amd64.deb
47fc8399f6efa83186746230a00601097772ca79 154696 libtidy-0.99-0_20091223cvs-1.2+deb7u1_amd64.deb
5d673800de57aee5148fef45a61a324979efc2b6 193892 libtidy-dev_20091223cvs-1.2+deb7u1_amd64.deb
Checksums-Sha256:
d5a5dabf78174fc285d5000b6023da29973fed1ea20aff8a9024986f0df847b1 1889 tidy_20091223cvs-1.2+deb7u1.dsc
c6a266c37ce89142ce7b6f1b9797682823e86b03dc56c608f397c53a5388bc2b 8772 tidy_20091223cvs-1.2+deb7u1.diff.gz
8052f1009ec05b5ff0e2eaa096e147fc0f4e64eee24cd717785945c9ebd54eda 101014 tidy-doc_20091223cvs-1.2+deb7u1_all.deb
101609c2aeaed6fe04310ba8ab37e03b4b51de9cec1670d2049c32887b3e389c 28370 tidy_20091223cvs-1.2+deb7u1_amd64.deb
2ae130639ab3ceab5374827492c78815723fa64d307c5ef2d29298b1f75661e6 154696 libtidy-0.99-0_20091223cvs-1.2+deb7u1_amd64.deb
c1ee345fd29fd08b9d93084390186a98f73d59d6e4f74b149ada22bd36eb037d 193892 libtidy-dev_20091223cvs-1.2+deb7u1_amd64.deb
Files:
b4b8ae782a1fa798b26a77ce196e1894 1889 web optional tidy_20091223cvs-1.2+deb7u1.dsc
16ce5e7239ac9f40ba30fd738ffe8bf7 8772 web optional tidy_20091223cvs-1.2+deb7u1.diff.gz
19a0800e3b08f36f71068d125b024171 101014 doc optional tidy-doc_20091223cvs-1.2+deb7u1_all.deb
68da7766aef7496aadf8dd86c31d9a64 28370 web optional tidy_20091223cvs-1.2+deb7u1_amd64.deb
8f0c415749bf3d22c972885ae4c9aac0 154696 libs optional libtidy-0.99-0_20091223cvs-1.2+deb7u1_amd64.deb
bc3d074e2a910fd9a3e2d22dfcd38e91 193892 libdevel optional libtidy-dev_20091223cvs-1.2+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVqlWLAAoJEK+lG9bN5XPLspMP+wX/IK85iwTWlwSPEWAYDDeS
HAOV9ulEcTgijkqG7afzEkNlCwklINvqISrpYQRUSwKwpd5kUI9LEplwA/ivOR6T
XNdZR9XB2Yg1fqx7v1gYX4VLFJQwAUkZ5V6bgjCJ7MxFAkTL+NE80S1vEKz4fyl9
J6/bYZFAFqOJ4sKSNno4Zwtj/XmaYXPctlrxIEqGTI9SiBN55kRyuVW5aVBm902V
DPgfE1hHOb+gFdKe2ZOAz6/WYCvfo8NmdVlfsFy9yGqys/WZ97njx/3Z6j/UnCK1
++kNC3zEVZJT6M8Bti5CllNU9iK8IEvOWUsnHRFcYZw6cQQ6fd4cWviIhgEHczMs
Gb5pH8EA2omJ9czJMJLxp9Q1WhXvt1aOVOaGtu5fPalKuJxtbNGLKuOR21pl9IbH
qd/FNlG947i+Ypf4o+kXPO8QPiuhC7MmldZElEwOfcomW9LWoZlfmjjCwAsV5K4B
BgDWi4EcNdSt59NPVZFgOAzd6yNltKsdjjz9iHzKEa63FQQsMmNPtnMzoREjiJYl
FWPkbe55e302jM7U87/TeXhPndqt7bcwOPOLORX/TtkAP5YG8mNiTQ9//w6Ge/Il
rLARgELxWvEjrNch4Jtbgz1QLTneGX+6s6sqgOFkB7WBLmA/O4IbyKvAVqtq4noN
y9S4+YCQwChdl/mJ7mJH
=eC5N
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Jason Thomas <jason@debian.org>:
Bug#792571; Package src:tidy.
(Mon, 20 Jul 2015 15:06:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Jason Thomas <jason@debian.org>.
(Mon, 20 Jul 2015 15:06:06 GMT) (full text, mbox, link).
Message #24 received at 792571@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 792571 + pending
Dear maintainer,
I've prepared an NMU for tidy (versioned as 20091223cvs-1.5) and
uploaded it to DELAYED/2, based on the debdiff which Alessandro
prepared for the jessie-security upload. Please feel free to tell me
if I should delay it longer.
Regards,
Salvatore
[tidy-20091223cvs-1.5-nmu.diff (text/x-diff, attachment)]
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 792571-submit@bugs.debian.org.
(Mon, 20 Jul 2015 15:06:06 GMT) (full text, mbox, link).
Added tag(s) stretch, sid, squeeze, jessie, and wheezy.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 20 Jul 2015 15:12:04 GMT) (full text, mbox, link).
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Wed, 22 Jul 2015 15:42:13 GMT) (full text, mbox, link).
Notification sent
to Alessandro Ghedini <ghedo@debian.org>:
Bug acknowledged by developer.
(Wed, 22 Jul 2015 15:42:13 GMT) (full text, mbox, link).
Message #33 received at 792571-close@bugs.debian.org (full text, mbox, reply):
Source: tidy
Source-Version: 20091223cvs-1.5
We believe that the bug you reported is fixed in the latest version of
tidy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 792571@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated tidy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 20 Jul 2015 16:33:00 +0200
Source: tidy
Binary: tidy libtidy-0.99-0 libtidy-dev tidy-doc
Architecture: source amd64 all
Version: 20091223cvs-1.5
Distribution: unstable
Urgency: high
Maintainer: Jason Thomas <jason@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
libtidy-0.99-0 - HTML syntax checker and reformatter - library
libtidy-dev - HTML syntax checker and reformatter - development
tidy - HTML syntax checker and reformatter
tidy-doc - HTML syntax checker and reformatter - documentation
Closes: 792571
Changes:
tidy (20091223cvs-1.5) unstable; urgency=high
.
[ Alessandro Ghedini ]
* Fix heap buffer overflow and memory saturation on invalid HTML input
as per CVE-2015-5522 and CVE-2015-5523 (Closes: #792571)
Checksums-Sha1:
c5d21d17b2849fee5f44867a710f4c3e92058302 1885 tidy_20091223cvs-1.5.dsc
6577a19ed4e6a114c3631d2571def70030874976 8992 tidy_20091223cvs-1.5.diff.gz
0a76b3aaa1d1c6708a40f4fe5328cd49b7663a45 88796 tidy-doc_20091223cvs-1.5_all.deb
Checksums-Sha256:
14074e526faf120e4d7dfb5cc3896126f49023ac8298167fcb3ce5f8cedc3043 1885 tidy_20091223cvs-1.5.dsc
38d20f89180843304cce8cc51d78f656488bbf58bbb717804ac387bcc12978a7 8992 tidy_20091223cvs-1.5.diff.gz
71596f9c4442d5c3ff43fc9ffc16fbf7c411106e7165b85f929be7fe0f2bcaeb 88796 tidy-doc_20091223cvs-1.5_all.deb
Files:
96b9058dfb92e308d5e9448d59394c53 1885 web optional tidy_20091223cvs-1.5.dsc
dfb580037a34aa48f2aa49bf407edaba 8992 web optional tidy_20091223cvs-1.5.diff.gz
2a989f6410a0fd3d8395bc1a5b39339b 88796 doc optional tidy-doc_20091223cvs-1.5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVrQi5AAoJEAVMuPMTQ89E2UoP/ihXgce51ojuH4ZT9Zf77nPa
crYEYtM4uqALxL43jlnaeV1undxO2x56eQFBLAfNIfJ4Jofc8c1gByyEHEmvVoXo
Cd/FIdFAxQv45pQSIIQu/Qmb70Z9gZUyteq19DlKmPSvFOqnDYmdVmFdM0V7B7f3
rED+70LjMJkc7zNq8uwCUBuBuZqBZUrKc07dshj6GbcatkYgfx3bPlbawNjOipoN
I2DzYmhx5zkY8vMEUJ34KmOfa0m+5/ak+BXzmPLuL6tTvDLb4xvNShMA+7RFRN3f
7NYocD9hdRaypM1imVvpjm1Olb5WyuuRatLs7EOneSEK7xbKilC09CspWHOIiZDs
KRNgkIHCrTiUPCXjDGZqHESv1RbrSD3jB/7jWVZZPNglBwaHv1pZYwOmjupUSl4a
X210bkkADtXzQltJq3IFXEVEAKvy/lK8BGvjBbzqA5WD0nJL1wSaARmQz0vm/G5g
rr0pE8jFCJujQjuSurrpik/vi3tnh/fHdJAQp8jvt0FH9uEdD9qyLJk63IjODYPh
HyAD4at90KUqGYwRqhAz4qsDWg9tJVh4lGb2OINKBHVk+lVbqQpdlAslTqXkdjlJ
sxtQ9JGf0BlVV4wVsf1E0b8N0GEovH8hWPtOkkkZPemkIUyu4Gu2f8IYcHn1/apE
cMgsADIW3zb9TuWEk0QL
=0Tte
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 06 Sep 2015 07:37:37 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:12:10 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon