An update for tidy is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1017 Final 1.0 1.0 2024-01-05 Initial 2024-01-05 2024-01-05 openEuler SA Tool V1.0 2024-01-05 tidy security update An update for tidy is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. When editing HTML it's easy to make mistakes. Wouldn't it be nice if there was a simple way to fix these mistakes automatically and tidy up sloppy editing into nicely laid out markup? Well now there is! Dave Raggett's HTML TIDY is a free utility for doing just that. It also works great on the atrociously hard to read markup generated by specialized HTML editors and conversion tools, and can help you identify where you need to pay further attention on making your pages more accessible to people with disabilities. Security Fix(es): An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.(CVE-2021-33391) An update for tidy is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical tidy https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1017 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33391 https://nvd.nist.gov/vuln/detail/CVE-2021-33391 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 tidy-debuginfo-5.6.0-5.oe1.aarch64.rpm libtidy-devel-5.6.0-5.oe1.aarch64.rpm libtidy-5.6.0-5.oe1.aarch64.rpm tidy-debugsource-5.6.0-5.oe1.aarch64.rpm tidy-5.6.0-5.oe1.aarch64.rpm libtidy-5.6.0-5.oe1.aarch64.rpm libtidy-devel-5.6.0-5.oe1.aarch64.rpm tidy-debuginfo-5.6.0-5.oe1.aarch64.rpm tidy-5.6.0-5.oe1.aarch64.rpm tidy-debugsource-5.6.0-5.oe1.aarch64.rpm tidy-debuginfo-5.6.0-5.oe2003sp4.aarch64.rpm libtidy-5.6.0-5.oe2003sp4.aarch64.rpm tidy-5.6.0-5.oe2003sp4.aarch64.rpm tidy-debugsource-5.6.0-5.oe2003sp4.aarch64.rpm libtidy-devel-5.6.0-5.oe2003sp4.aarch64.rpm tidy-debugsource-5.7.28-2.oe2203.aarch64.rpm libtidy-devel-5.7.28-2.oe2203.aarch64.rpm tidy-5.7.28-2.oe2203.aarch64.rpm libtidy-5.7.28-2.oe2203.aarch64.rpm tidy-debuginfo-5.7.28-2.oe2203.aarch64.rpm tidy-debuginfo-5.7.28-2.oe2203sp1.aarch64.rpm libtidy-5.7.28-2.oe2203sp1.aarch64.rpm tidy-debugsource-5.7.28-2.oe2203sp1.aarch64.rpm libtidy-devel-5.7.28-2.oe2203sp1.aarch64.rpm tidy-5.7.28-2.oe2203sp1.aarch64.rpm libtidy-devel-5.7.28-2.oe2203sp2.aarch64.rpm tidy-debuginfo-5.7.28-2.oe2203sp2.aarch64.rpm tidy-5.7.28-2.oe2203sp2.aarch64.rpm tidy-debugsource-5.7.28-2.oe2203sp2.aarch64.rpm libtidy-5.7.28-2.oe2203sp2.aarch64.rpm tidy-help-5.6.0-5.oe1.noarch.rpm tidy-help-5.6.0-5.oe1.noarch.rpm tidy-help-5.6.0-5.oe2003sp4.noarch.rpm tidy-help-5.7.28-2.oe2203.noarch.rpm tidy-help-5.7.28-2.oe2203sp1.noarch.rpm tidy-help-5.7.28-2.oe2203sp2.noarch.rpm tidy-5.6.0-5.oe1.src.rpm tidy-5.6.0-5.oe1.src.rpm tidy-5.6.0-5.oe2003sp4.src.rpm tidy-5.7.28-2.oe2203.src.rpm tidy-5.7.28-2.oe2203sp1.src.rpm tidy-5.7.28-2.oe2203sp2.src.rpm tidy-debugsource-5.6.0-5.oe1.x86_64.rpm tidy-debuginfo-5.6.0-5.oe1.x86_64.rpm libtidy-devel-5.6.0-5.oe1.x86_64.rpm libtidy-5.6.0-5.oe1.x86_64.rpm tidy-5.6.0-5.oe1.x86_64.rpm tidy-debuginfo-5.6.0-5.oe1.x86_64.rpm libtidy-devel-5.6.0-5.oe1.x86_64.rpm tidy-debugsource-5.6.0-5.oe1.x86_64.rpm tidy-5.6.0-5.oe1.x86_64.rpm libtidy-5.6.0-5.oe1.x86_64.rpm libtidy-devel-5.6.0-5.oe2003sp4.x86_64.rpm tidy-debugsource-5.6.0-5.oe2003sp4.x86_64.rpm tidy-debuginfo-5.6.0-5.oe2003sp4.x86_64.rpm libtidy-5.6.0-5.oe2003sp4.x86_64.rpm tidy-5.6.0-5.oe2003sp4.x86_64.rpm tidy-5.7.28-2.oe2203.x86_64.rpm tidy-debuginfo-5.7.28-2.oe2203.x86_64.rpm libtidy-5.7.28-2.oe2203.x86_64.rpm tidy-debugsource-5.7.28-2.oe2203.x86_64.rpm libtidy-devel-5.7.28-2.oe2203.x86_64.rpm libtidy-5.7.28-2.oe2203sp1.x86_64.rpm tidy-5.7.28-2.oe2203sp1.x86_64.rpm libtidy-devel-5.7.28-2.oe2203sp1.x86_64.rpm tidy-debugsource-5.7.28-2.oe2203sp1.x86_64.rpm tidy-debuginfo-5.7.28-2.oe2203sp1.x86_64.rpm tidy-debugsource-5.7.28-2.oe2203sp2.x86_64.rpm libtidy-devel-5.7.28-2.oe2203sp2.x86_64.rpm tidy-debuginfo-5.7.28-2.oe2203sp2.x86_64.rpm tidy-5.7.28-2.oe2203sp2.x86_64.rpm libtidy-5.7.28-2.oe2203sp2.x86_64.rpm An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. 2024-01-05 CVE-2021-33391 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H tidy security update 2024-01-05 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1017