Bug 14236

Summary:	[CVE 21] tidy CVE
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, pastordidi
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2021-33391
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2024-01-12 12:28:26 MSK

https://nvd.nist.gov/vuln/detail/CVE-2021-33391 Critical!

Comment 1 Aleksandr Proklov 2024-01-15 07:09:43 MSK

Патч вроде и есть, но с ним не собирается версия 5.7.28

Comment 2 Aleksandr Proklov 2024-01-15 07:09:50 MSK

https://github.com/htacg/tidy-html5/issues/946

Comment 3 Aleksandr Proklov 2024-01-15 08:12:00 MSK

уязвимость закрыта патчами

tidy	5.7.28-2

https://abf.io/build_lists/4955540
https://abf.io/build_lists/4955541 х64
https://abf.io/build_lists/4955542
https://abf.io/build_lists/4955543
https://abf.io/build_lists/4955544

Comment 4 Dmitry Postnikov 2024-01-15 23:14:48 MSK

*****************************
Обновление отослано в Тестинг

Comment 5 Vladimir Potapov 2024-01-24 09:11:36 MSK

tidy-5.7.28-2
https://abf.io/build_lists/4955540
https://abf.io/build_lists/4955541 х64
https://abf.io/build_lists/4955542
https://abf.io/build_lists/4955543
https://abf.io/build_lists/4955544
*************************** Advisory **********************
CVE fixed via patches
***********************************************************
QA Verified