From ${URL} : A use-after-free was discovered in tidy-html5 (5.1.25) using afl. Technical details are available here: https://github.com/htacg/tidy-html5/issues/341 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This issue is being worked on by upstream. I asked for an ETA but no answer so far. https://github.com/htacg/tidy-html5/issues/341#issuecomment-172794323
fixed here: https://github.com/htacg/tidy-html5/pull/368
Fix is in place but in the master branch. However, master is already at 5.1.45: https://github.com/htacg/tidy-html5/commit/b2c591c138a51b605fb5d82a02c24faf986701ed and I'm not seeing a new release tag as of now, the latest is still .25 on github :/ I'll revisit this bug in a couple of weeks.
This looks obsolete, as this fix should be in 5.2.0, which is currently the only version in the tree. (However 5.4.0, which has just been released, fixes another memory safety issue, see #611424)
Confirmed, patch is in 5.2.0. Repository is clean. Package has no stable ebuild, all done.