-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 7 Aug 2023 18:32:06 CEST Source: libhtmlcleaner-java Architecture: source Version: 2.24-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Alexandre Rossi <alexandre.rossi@gmail.com> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: de255b009a74851f6d745a34bec5859781397066 2396 libhtmlcleaner-java_2.24-1+deb11u1.dsc e9e851b724f61e1a39c04e7b04214686e3aa780e 299570 libhtmlcleaner-java_2.24.orig.tar.gz 9cbb5ab71366c0e354bb44ba18ab2ef5a79bac88 9384 libhtmlcleaner-java_2.24-1+deb11u1.debian.tar.xz 2fc0569f547e0ed614f02c11d3cbd0217f43544a 15647 libhtmlcleaner-java_2.24-1+deb11u1_amd64.buildinfo Checksums-Sha256: 87de4af84d45600c09a45470d6ffd36f6459eef0fe2b2548c0cff404b3c16e34 2396 libhtmlcleaner-java_2.24-1+deb11u1.dsc c00274a65e2224a88b3eac1094a9f9377c838cd677d1280ff9948d2b839be620 299570 libhtmlcleaner-java_2.24.orig.tar.gz 826efbad004afe6856b0053e71261c5861fd1896ec6c6b66a6dcc82b8b36f7d4 9384 libhtmlcleaner-java_2.24-1+deb11u1.debian.tar.xz 283ca43936ffef9f92a3b22602fd2cc3e64ac9b9584c6f530d830d213bd9031d 15647 libhtmlcleaner-java_2.24-1+deb11u1_amd64.buildinfo Changes: libhtmlcleaner-java (2.24-1+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload. * Fix CVE-2023-34624: A security vulnerability has been discovered in libhtmlcleaner-java, a Java HTML parser library. An attacker was able to cause a denial of service (StackOverflowError) if the parser runs on user supplied input with deeply nested HTML elements. This update introduces a new nesting depth limit which can be overridden in cleaner properties. Files: 4f44e57ac7c33a84540faee6efe595e1 2396 java optional libhtmlcleaner-java_2.24-1+deb11u1.dsc 6ace8f3f4dc3c654701abf8cedecba4b 299570 java optional libhtmlcleaner-java_2.24.orig.tar.gz c5be53798e2e43fd35faa9eaeab15f25 9384 java optional libhtmlcleaner-java_2.24-1+deb11u1.debian.tar.xz 2788cb0370ce8c7310281350781fe679 15647 java optional libhtmlcleaner-java_2.24-1+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmTRHLhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkm/cQAJFDwa/xXyKl3V3Exs2GfWRlUysNb4hM9Iwg Tv8hSgiads5UVYAmNVKWK/GyLP5bW2Jht+yMTCiSGR1xSTLouwfjqrK/T278QLD+ XfXikwlcsvr1sxzDqPSDU5TPE3eYlgu+HOUZczKLFU8yTyfmYe918Mf5M/DGcBm0 T0ujZXCGZVobkBETffk6P0tWOo2Xn+Nar2fD5Wm5BhWXi220CkpatRbAp67dLr6l wh1FxWsN/gCzg4mI/r8Uyam0bKUoAWWu0aZaJ2i/591M4FNpSy4dvE9dKMZBQaxt AY+zeUoOIHWERVs1uXO/ZMIkldEaar+zrMBtnNskRRFTM2tIwfo6KLffrRf0Zxqe Zaf2J2Ekks8qm0kr9/OFiacz3A01qx5BYR8qIyE8dYd6RQ7aoX/Cg16MqxQtgyVU aMqG8RoizJiqolJF1GfyUGaPCIJn6TuLCIFwyWSZ+D6eeVLTNcJTrulBb1W6QL/f VBV4QvEouKy65Y8GeDcEowJiOCs8dM/EEeAMqZtbC8lhBNQNUVjXEFEgR5acmjVv pBC7TAa/fEWpFG5HeA1t7cbYCdo8y/gMZo4e9h16dzME0Kv+MMzT/17jMxWcmbw4 vm7rFqsStvCe8hVgYs/sKujXYdbh2uV0NI8bsLjS0eW3cSde1I2XWIql1bGcQNwr YCAqfTyd =FPj6 -----END PGP SIGNATURE-----