From ${URL} : An out-of-bounds heap read was found in tidy caused by specially crafted input. Upstream bug: https://github.com/htacg/tidy-html5/issues/379 Public via: http://seclists.org/oss-sec/2016/q1/457 @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Issues were resolved in: https://github.com/htacg/tidy-html5/commit/8a31aad0e35c192bde6fa4c995d96b6eede7ebba @maintainer, please cleanup the vulnerable version (5.1.9) in tree.
commit ec058ac199d3547ef86fc6124b66d6c267094846 (HEAD -> master) Author: Patrice Clement <monsieurp@gentoo.org> AuthorDate: Mon Jun 6 09:13:19 2016 +0000 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: Mon Jun 6 09:13:19 2016 +0000 app-text/tidy-html5: Clean up vulnerable version. Gentoo-Bug: https://bugs.gentoo.org/576870 Gentoo-Bug: https://bugs.gentoo.org/576138 Package-Manager: portage-2.2.28 app-text/tidy-html5/Manifest | 1 - app-text/tidy-html5/tidy-html5-5.1.9.ebuild | 44 -------------------------------------------- 2 files changed, 45 deletions(-) delete mode 100644 app-text/tidy-html5/tidy-html5-5.1.9.ebuild
Please proceed.
Cleanup complete by maintainer. Unstable, so no GLSA is required.