Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-273-1:C6B60
HistoryJul 18, 2015 - 10:09 a.m.

[SECURITY] [DLA 273-1] tidy security update

2015-07-1810:09:52
lists.debian.org
9

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.015 Low

EPSS

Percentile

86.9%

JSON

Package : tidy
Version : 20091223cvs-1+deb6u1
CVE ID : CVE-2015-5522 CVE-2015-5523
Debian Bug : 792571

Fernando Muñoz discovered a security issue on the HTML syntax checker and
reformatter tidy. Tidy did not properly process specific character sequences,
and a remote attacker could exploit this flaw to cause a DoS, or probably,
execute arbitrary code. Two different CVEs were assigned to this issue.

CVE-2015-5522

Malformed html documents could lead to a heap-buffer-overflow.

CVE-2015-5523

Malformed html documents could lead to allocate 4Gb of memory.

For the Squeeze distribution, this issue has been fixed in the
20091223cvs-1+deb6u1 version of tidy.

We recommend that you upgrade your tidy packages.
Attachment:
signature.asc
Description: Digital signature

OSVersionArchitecturePackageVersionFilename
Debian7armhftidy< 20091223cvs-1.2+deb7u1tidy_20091223cvs-1.2+deb7u1_armhf.deb
Debian8kfreebsd-i386tidy< 20091223cvs-1.4+deb8u1tidy_20091223cvs-1.4+deb8u1_kfreebsd-i386.deb
Debian8ppc64ellibtidy-dev< 20091223cvs-1.4+deb8u1libtidy-dev_20091223cvs-1.4+deb8u1_ppc64el.deb
Debian7mipsellibtidy-dev< 20091223cvs-1.2+deb7u1libtidy-dev_20091223cvs-1.2+deb7u1_mipsel.deb
Debian7ia64libtidy-0.99-0< 20091223cvs-1.2+deb7u1libtidy-0.99-0_20091223cvs-1.2+deb7u1_ia64.deb
Debian7i386libtidy-0.99-0< 20091223cvs-1.2+deb7u1libtidy-0.99-0_20091223cvs-1.2+deb7u1_i386.deb
Debian8i386tidy< 20091223cvs-1.4+deb8u1tidy_20091223cvs-1.4+deb8u1_i386.deb
Debian8alltidy-doc< 20091223cvs-1.4+deb8u1tidy-doc_20091223cvs-1.4+deb8u1_all.deb
Debian8alltidy< 20091223cvs-1.4+deb8u1tidy_20091223cvs-1.4+deb8u1_all.deb
Debian7powerpclibtidy-dev< 20091223cvs-1.2+deb7u1libtidy-dev_20091223cvs-1.2+deb7u1_powerpc.deb
Rows per page:
1-10 of 871

Related

osv 2
nessus 6
ubuntucve 2
openvas 3
ubuntu 1
securityvulns 8
debian 1
freebsd 1
prion 2
cve 2
osv
osv
tidy - security update
2015-07-18 00:00:00
tidy - security update
2015-07-18 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : HTML Tidy vulnerabilities (USN-2695-1)
2015-07-30 00:00:00
SUSE SLED11 Security Update : tidy (SUSE-SU-2015:1525-1)
2015-09-11 00:00:00
FreeBSD : tidy -- heap-buffer-overflow (bd1ab7a5-0e01-11e5-9976-a0f3c100ae18)
2015-06-09 00:00:00
ubuntucve
ubuntucve
CVE-2015-5523
2015-07-16 00:00:00
CVE-2015-5522
2015-07-16 00:00:00
openvas
openvas
Ubuntu Update for tidy USN-2695-1
2015-07-30 00:00:00
Debian Security Advisory DSA 3309-1 (tidy - security update)
2015-07-18 00:00:00
Debian Security Advisory DSA 3309-1 (tidy - security update)
2015-07-18 00:00:00
ubuntu
ubuntu
HTML Tidy vulnerabilities
2015-07-29 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3309-1] tidy security update
2015-07-20 00:00:00
tidy security vulnerabilities
2015-07-20 00:00:00
APPLE-SA-2015-09-21-1 watchOS 2
2015-10-05 00:00:00
debian
debian
[SECURITY] [DSA 3309-1] tidy security update
2015-07-18 17:11:56
freebsd
freebsd
tidy -- heap-buffer-overflow
2015-06-03 00:00:00
prion
prion
Memory corruption
2015-08-11 14:59:00
Heap overflow
2015-08-11 14:59:00
cve
cve
CVE-2015-5523
2015-08-11 14:59:00
CVE-2015-5522
2015-08-11 14:59:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.015 Low

EPSS

Percentile

86.9%

JSON
Related for DEBIAN:DLA-273-1:C6B60
osv2nessus6ubuntucve2openvas3ubuntu1securityvulns8debian1freebsd1prion2cve2