{"affected":[{"ecosystem_specific":{"binaries":[{"libtidy-0_99-0":"1.0.20100204cvs-25.3","libtidy-0_99-0-devel":"1.0.20100204cvs-25.3","tidy":"1.0.20100204cvs-25.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12","name":"tidy","purl":"pkg:rpm/suse/tidy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.20100204cvs-25.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities\ncould allow remote attackers to cause a denial of service (crash) via vectors involving\na command character in an href. (CVE-2015-5522, CVE-2015-5523)\n","id":"SUSE-SU-2015:1513-1","modified":"2015-08-26T20:03:54Z","published":"2015-08-26T20:03:54Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20151513-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/903962"},{"type":"REPORT","url":"https://bugzilla.suse.com/933588"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5522"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-5523"}],"related":["CVE-2015-5522","CVE-2015-5523"],"summary":"Security update for tidy","upstream":["CVE-2015-5522","CVE-2015-5523"]}