-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 7 Aug 2023 18:17:55 CEST Source: libhtmlcleaner-java Architecture: source Version: 2.26-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Alexandre Rossi <alexandre.rossi@gmail.com> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 76ae5ba9f0674e4d00b3909edfaf88cb5a04f598 2396 libhtmlcleaner-java_2.26-1+deb12u1.dsc d6f9d95cb52760deba3768ecb76aa737341da7a8 205040 libhtmlcleaner-java_2.26.orig.tar.xz c1b302f8a4e34feab5fbd4076d176e1f8fda2977 9596 libhtmlcleaner-java_2.26-1+deb12u1.debian.tar.xz 035654677e8f1353a12c7b21128d0265841bd694 15381 libhtmlcleaner-java_2.26-1+deb12u1_amd64.buildinfo Checksums-Sha256: c82899da2bf59c41b47355d70817bd615447ec94551270fd90f4c1b210f71cc9 2396 libhtmlcleaner-java_2.26-1+deb12u1.dsc 97911a4fba03c64e13ae4d38a7b2f56c73075c1c38e418bfca1b520d8821be6c 205040 libhtmlcleaner-java_2.26.orig.tar.xz a89cd6cc7cabf43f93fb0c58c919515ebd7917910a2761ef6fcf5bae4a464651 9596 libhtmlcleaner-java_2.26-1+deb12u1.debian.tar.xz 578cfbc2dcf8371bd8c34496eb7680792bf5088fd6fc005d9f78594a7d96abb2 15381 libhtmlcleaner-java_2.26-1+deb12u1_amd64.buildinfo Changes: libhtmlcleaner-java (2.26-1+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload. * Fix CVE-2023-34624: A security vulnerability has been discovered in libhtmlcleaner-java, a Java HTML parser library. An attacker was able to cause a denial of service (StackOverflowError) if the parser runs on user supplied input with deeply nested HTML elements. This update introduces a new nesting depth limit which can be overridden in cleaner properties. Files: b2b2183edc04c37b0b67ca76d0104d84 2396 java optional libhtmlcleaner-java_2.26-1+deb12u1.dsc 401c68be313ef81ce19b986cdc3f4d37 205040 java optional libhtmlcleaner-java_2.26.orig.tar.xz 0614b4cad74ad5973cf58d06e394a154 9596 java optional libhtmlcleaner-java_2.26-1+deb12u1.debian.tar.xz 1c83405453b84b32e4a05cd56d3580c7 15381 java optional libhtmlcleaner-java_2.26-1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmTRGXVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkz/cQAKlHYoTz12XNel9nCkHLIgZ5PhrpFdDCR83k d9id/gQiaFuNcgcfGE1DAUceYc7ioKZ3Kesiif6pJ1yd9hL4e0za6401XuTZ4eWd XOb2QAgKe6f9zrSjcVRZy3Wi/CFVGUvFFZlwuydR8afsxTlJ0EcZXdA4gqKKxPB5 M6zzf/0b2THeWF+wvOxiErFMf2TpBCwyIeG1kPqe6FmfX+uI+iZjuVhuFkIe4XnS FZQ38ec+yMJbT/lqgRbF4b9YrrFEQbiSS4mVsovdoXZ4EGMp9JkUMnDAFn8GVOsS UwA8Dp+MuY3eNw+DSQ4F7V79maBGoPOu+B8xkWNjPFbujadID8Y2ZDfc3RnXIVgM sUXu8DE2+OzkYM5i63A2zJZMJn4k9ENTnMdlf4ehsHUaHbArwWUz5zvdUdDJ4sGE Zrq0r7HIEhgtxq5y78S3Dw5gybliKuztYACRXBUW29iOBYl4VjIEQuob7sUjPiTO 0fa31kD44y8I+yKyszMSpc2BBGldmZtxhplMxwZrzl/GROrm6y6uzTzpNN9S94nX 9Giquk+nvJtoNdXZSIgvaT67+bjQxg3CKnQUw0ERqtDDNiRCrW3OhbxDbvuHojP2 rK9j06COBBlYK2Pbs0tsF7OWiriJdKiy38cEpMq0kx/ZcPjJn5hzXjMPJ3G3Gt56 9tQUeAQ/ =pNzZ -----END PGP SIGNATURE-----