oss-sec mailing list archives
CVE-2009-3627 assignment notification - HTML-Parser-3.63
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 23 Oct 2009 20:59:44 +0200
Hello Steve, vendors,

Mark Martinec reported a denial of service flaw (infinite loop),
present in HTML-Parser in versions prior to 3.63, while parsing
an HTML entity with an invalid UTF-8 character.

References:
-----------
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.63.tar.gz

Upstream patch:
---------------
http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c

Affected versions:
------------------
Issue was confirmed in 3.55 version of perl HTML-Parser module.

CVE identifier:
---------------
CVE identifier of CVE-2009-3627 has been already assigned to this issue.

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team