libhtmlcleaner-java (2.26-1+deb12u1) bookworm-security; urgency=high
* Non-maintainer upload.
* Fix CVE-2023-34624:
A security vulnerability has been discovered in libhtmlcleaner-java, a Java
HTML parser library. An attacker was able to cause a denial of service
(StackOverflowError) if the parser runs on user supplied input with deeply
nested HTML elements. This update introduces a new nesting depth limit
which can be overridden in cleaner properties.
-- Markus Koschany <email address hidden> Mon, 07 Aug 2023 17:51:31 +0200