{"affected":[{"ecosystem_specific":{"binaries":[{"htmldoc":"1.9.12-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"htmldoc","purl":"pkg:rpm/suse/htmldoc&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.9.12-bp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for htmldoc fixes the following issues:\n\nUpdate to version 1.9.12\n\n* Fixed buffer-overflow CVE-2021-20308 ( boo#1184424 )\n* Fixed a crash bug with 'data:' URIs and EPUB output\n* Fixed several other crash bugs\n* Fixed JPEG error handling\n* Fixed some minor issues\n* Removed the bundled libjpeg, libpng, and zlib.\n\nupdate to 1.9.11:\n\n- Added high-resolution desktop icons for Linux.\n- Updated the internal HTTP library to fix truncation of redirection URLs\n- Fixed a regression in the handling of character entities for UTF-8 input\n- The `--numbered` option did not work when the table-of-contents was disabled\n- Updated local zlib to v1.2.11.\n- Updated local libpng to v1.6.37.\n- Fixed packaging issues on macOS and Windows\n- Now ignore sRGB profile errors in PNG files\n- The GUI would crash when saving\n- Page comments are now allowed in `pre` text\n\nupdate to 1.9.9:\n\n- Added support for a `HTMLDOC.filename` META keyword that controls the filename\n  reported in CGI mode; the default remains 'htmldoc.pdf' (Issue #367)\n- Fixed a paragraph formatting issue with large inline images (Issue #369)\n- Fixed a buffer underflow issue (Issue #370)\n- Fixed PDF page numbers (Issue #371)\n- Added support for a new `L` header/footer format (`$LETTERHEAD`), which\n  inserts a letterhead image at its full size (Issue #372, Issue #373,\n  Issue #375)\n- Updated the build documentation (Issue #374)\n- Refactored the PRE rendering code to work around compiler optimization bugs\n- Added support for links with targets (Issue #351)\n- Fixed a table rowspan + valign bug (Issue #360)\n- Added support for data URIs (Issue #340)\n- HTMLDOC no longer includes a PDF table of contents when converting a single\n  web page (Issue #344)\n- Updated the markdown support with external links, additional inline markup,\n  and hard line breaks.\n- Links in markdown text no longer render with a leading space as part of the\n  link (Issue #346)\n- Fixed a buffer underflow bug discovered by AddressSanitizer.\n- Fixed a bug in UTF-8 support (Issue #348)\n- PDF output now includes the base language of the input document(s)\n- Optimized the loading of font widths (Issue #354)\n- Optimized PDF page resources (Issue #356)\n- Optimized the base memory used for font widths (Issue #357)\n- Added proper `­` support (Issue #361)\n- Title files can now be markdown.\n- The GUI did not support EPUB output.\n- Empty markdown table cells were not rendered in PDF or PostScript output.\n- The automatically-generated title page now supports both 'docnumber' and\n  'version' metadata.\n- Added support for dc:subject and dc:language metadata in EPUB output from the\n  HTML keywords and lang values.\n- Added support for the subject and language metadata in markdown input.\n- Fixed a buffer underflow bug (Issue #338)\n- `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339)\n- Fixed an issue with HTML title pages and EPUB output.\n- Inline fixed-width text is no longer reduced in size automatically\n- Optimized initialization of font width data (Issue #334)\n- Fixed formatting bugs with aligned images (Issue #322, Issue #324)\n- Fixed support for three digit '#RGB' color values (Issue #323)\n- Fixed character set support for markdown metadata.\n- Updated libpng to v1.6.34 (Issue #326)\n- The makefiles did not use the CPPFLAGS value (Issue #328)\n- Added Markdown table support.\n- Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files.\n","id":"openSUSE-SU-2021:0895-1","modified":"2021-06-18T16:06:41Z","published":"2021-06-18T16:06:41Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBHXPTEDODFUJSSP4XPVQOKK5PUKOPN6/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184424"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20308"}],"related":["CVE-2021-20308"],"summary":"Security update for htmldoc","upstream":["CVE-2021-20308"]}